79 results (0.013 seconds)

CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0

<p>A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.</p> <p>To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16933 •

CVSS: 9.3EPSS: 63%CPEs: 17EXPL: 1

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014. Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 y SP2, 2013 y 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office para Mac 2011; Word Automation Services en SharePoint Server 2010 SP1 y SP2 y 2013; Office Web Apps 2010 SP1 y SP2 y Office Web Apps Server 2013 permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de datos RTF manipulados, tal y como fue explotado en marzo 2014. Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution. • https://www.exploit-db.com/exploits/32793 http://technet.microsoft.com/security/advisory/2953095 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-017 http://blogs.mcafee.com/mcafee-labs/close-look-rtf-zero-day-attack-cve-2014-1761-shows-sophistication-attackers https://www.virustotal.com/en/file/e378eef9f4ea1511aa5e368cb0e52a8a68995000b8b1e6207717d9ed09e8555a/analysis • CWE-787: Out-of-bounds Write •

CVSS: 9.3EPSS: 44%CPEs: 13EXPL: 0

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability." Microsoft Word 2003 Service Pack 3, 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT; cOffice Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 y SP2 y 2013; Office Web Apps 2010 SP1 y SP2, y Office Web Apps Server 2013 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un documento de Office manipulado, también conocido como "Vulnerabilidad de corrupcion de memoria Word" • http://www.securitytracker.com/id/1029598 http://www.securitytracker.com/id/1029599 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 44%CPEs: 4EXPL: 0

Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability." Microsoft Word 2003 SP3 y 2007 SP3, Office Compatibility Pack SP3 y Word Viewer permite a atacantes remotos ejecutar código d eforma arbitraria o causar una denegación de servicio (corrupción de memoria) a través de un documento Office manipulado, tambien conocido como "Word Memory Corruption Vulnerability." • http://www.securitytracker.com/id/1029598 http://www.securitytracker.com/id/1029599 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 64%CPEs: 13EXPL: 0

Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858. Microsoft Word Automation Services en SharePoint Server 2010 SP1, Word Web App 2010 SP1 en Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, y Word Viewer permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un documento de Office manipulado. Aka "Word Memory Corruption Vulnerability", una vulnerabilidad diferente de CVE-2013-3848, CVE-2013-3849, y CVE-2013-3858. • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •