CVSS: 6.5EPSS: 3%CPEs: 4EXPL: 0CVE-2018-8160
https://notcve.org/view.php?id=CVE-2018-8160
An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office. Existe una vulnerabilidad de divulgación de información en Outlook cuando se abre un mensaje. Esto también se conoce como "Microsoft Outlook Information Disclosure Vulnerability". Esto afecta a Word y Microsoft Office. • http://www.securityfocus.com/bid/104051 http://www.securitytracker.com/id/1040852 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8160 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 95%CPEs: 13EXPL: 1CVE-2017-11826 – Microsoft Office Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11826
Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory. Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 y 2013, Word Viewer, Word 2007, 2010, 2013 y 2016, Word Automation Services y Office Online Server permiten la ejecución remota de código cuando el software no gestiona correctamente objetos en la memoria. A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. • https://github.com/thatskriptkid/CVE-2017-11826 http://www.securityfocus.com/bid/101219 http://www.securitytracker.com/id/1039541 https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826 https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 18%CPEs: 4EXPL: 0CVE-2017-0243
https://notcve.org/view.php?id=CVE-2017-0243
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8570. Microsoft Office permite una vulnerabilidad de ejecución de código remota debido a la manera en que se manejan los objetos en la memoria, también se conoce como "Microsoft Office Remote Code Execution Vulnerability". Este ID de CVE es diferente del CVE-2017-8570. • http://www.securityfocus.com/bid/99446 http://www.securitytracker.com/id/1038851 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0243 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 77%CPEs: 14EXPL: 0CVE-2015-0086
https://notcve.org/view.php?id=CVE-2015-0086
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold and SP1, Word 2013 RT Gold and SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, and Web Apps Server 2013 Gold and SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold y SP1, Word 2013 RT Gold y SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 Gold y SP1, Web Applications 2010 SP2, y Web Apps Server 2013 Gold y SP1 permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un documento RTF manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Microsoft Office.' • http://www.securitytracker.com/id/1031896 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 90%CPEs: 29EXPL: 0CVE-2015-0085 – Microsoft Word Format Tag Transposition Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0085
Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold and SP1, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold and SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold y SP1, Office 2013 RT Gold y SP1, Word 2013 RT Gold y SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold y SP1, Word Automation Services on SharePoint Server 2013 Gold y SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold y SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold y SP1, y SharePoint Server 2013 Gold y SP1 permite a atacantes remotos ejecutar código arbitrario a través de un documento de Office manipulado, también conocido como 'vulnerabilidad del uso después de liberación de componentes de Microsoft Office.' This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the item1.xml file inside of the .docx package. By transposing elements, an attacker is able to cause a pointer to be re-used after it was freed. • http://www.securitytracker.com/id/1031896 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 •