CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2018-8627
https://notcve.org/view.php?id=CVE-2018-8627
An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598. Existe una vulnerabilidad de divulgación de información cuando el software de Microsoft Excel lee memoria fuera de límites debido a una variable no inicializada, que podría divulgar el contenido de la memoria. Esto también se conoce como "Microsoft Excel Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/106120 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2018-8378
https://notcve.org/view.php?id=CVE-2018-8378
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office. Existe una vulnerabilidad de divulgación de información cuando el software de Microsoft Office lee memoria fuera de límites debido a una variable no inicializada, lo que podría divulgar los contenidos de memoria. Esto también se conoce como "Microsoft Office Information Disclosure Vulnerability". Esto afecta a Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint y Microsoft Office. • http://www.securityfocus.com/bid/104996 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378 • CWE-125: Out-of-bounds Read CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 8%CPEs: 17EXPL: 0CVE-2018-0922
https://notcve.org/view.php?id=CVE-2018-0922
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". Microsoft Office 2010 SP2, 2013 SP1 y 2016, Microsoft Office 2016 Click-to-Run, Microsoft Office 2016 para Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 y Microsoft Word 2016 permiten una vulnerabilidad de ejecución remota de código debido a la forma en la que se gestionan los objetos en la memoria. Esto también se conoce como "Microsoft Office Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/103314 http://www.securitytracker.com/id/1040511 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 9%CPEs: 16EXPL: 0CVE-2018-0797
https://notcve.org/view.php?id=CVE-2018-0797
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability". Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permiten una vulnerabilidad de ejecución remota de código debido a la forma en la que se gestiona el contenido RTF. Esto también se conoce como "Microsoft Word Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/102406 http://www.securitytracker.com/id/1040153 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 95%CPEs: 13EXPL: 1CVE-2017-11826 – Microsoft Office Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11826
Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory. Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 y 2013, Word Viewer, Word 2007, 2010, 2013 y 2016, Word Automation Services y Office Online Server permiten la ejecución remota de código cuando el software no gestiona correctamente objetos en la memoria. A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. • https://github.com/thatskriptkid/CVE-2017-11826 http://www.securityfocus.com/bid/101219 http://www.securitytracker.com/id/1039541 https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826 https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •