This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2012-05-08
Product Office Last view 2017-06-14
Version 2010 Type Application
Update sp1  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:office

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2017-06-14 CVE-2017-8511

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.

9.3 2015-08-14 CVE-2015-2466

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted template, aka "Microsoft Office Remote Code Execution Vulnerability."

9.3 2014-10-15 CVE-2014-4117

Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka "Microsoft Word File Format Vulnerability."

7.8 2013-11-06 CVE-2013-3906

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.

6.9 2013-09-11 CVE-2013-3859

Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability."

9.3 2012-08-14 CVE-2012-2524

Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."

6.9 2012-07-10 CVE-2012-1854

Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.

9.3 2012-05-08 CVE-2012-0165

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."

9.3 2012-05-08 CVE-2012-0159

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."

CWE : Common Weakness Enumeration

%idName
42% (3) CWE-20 Improper Input Validation
14% (1) CWE-399 Resource Management Errors
14% (1) CWE-264 Permissions, Privileges, and Access Controls
14% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

ExploitDB Exploits

id Description
30011 Microsoft Tagged Image File Format (TIFF) Integer Overflow

OpenVAS Exploits

id Description
2012-08-15 Name : Microsoft Office Remote Code Execution Vulnerability (2731879)
File : nvt/secpod_ms12-057.nasl
2012-07-11 Name : Visual Basic for Applications Remote Code Execution Vulnerability (2707960)
File : nvt/secpod_ms12-046.nasl
2012-06-13 Name : Microsoft Lync Remote Code Execution Vulnerabilities (2707956)
File : nvt/secpod_ms12-039.nasl
2012-05-14 Name : Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
File : nvt/secpod_ms12-034_macosx.nasl
2012-05-09 Name : MS Security Update For Microsoft Office, .NET Framework, and Silverlight (268...
File : nvt/secpod_ms12-034.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0194 Multiple Vulnerabilities in Microsoft Office (MS15-081)
Severity: Category II - VMSKEY: V0061307
2013-A-0225 Microsoft GDI Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0042593
2013-B-0102 Microsoft Office Input Method Editor (IME) Privilege Escalation Vulnerability
Severity: Category II - VMSKEY: V0040301
2012-B-0075 Microsoft Office Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0033652
2012-A-0109 Microsoft Visual Basic for Applications Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0033311

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-03-26 Microsoft Office Word styleWithEffects use-after-free attempt
RuleID : 49254 - Type : FILE-OFFICE - Revision : 4
2019-03-26 Microsoft Office Word styleWithEffects use-after-free attempt
RuleID : 49253 - Type : FILE-OFFICE - Revision : 4
2015-09-10 Microsoft cabinet file default sha1 signature detected
RuleID : 35528 - Type : POLICY-OTHER - Revision : 3
2015-09-10 Microsoft cabinet file default sha1 signature detected
RuleID : 35527 - Type : POLICY-OTHER - Revision : 3
2015-08-04 Microsoft Office Word nested tblStylePr element use after free attempt
RuleID : 35021 - Type : FILE-OFFICE - Revision : 3
2015-08-04 Microsoft Office Word nested tblStylePr element use after free attempt
RuleID : 35020 - Type : FILE-OFFICE - Revision : 4
2015-08-04 Microsoft Office Word nested tblStylePr element use after free attempt
RuleID : 35019 - Type : FILE-OFFICE - Revision : 3
2015-08-04 Microsoft Office Word nested tblStylePr element use after free attempt
RuleID : 35018 - Type : FILE-OFFICE - Revision : 3
2014-11-16 Microsoft Office Word styleWithEffects use-after-free attempt
RuleID : 32148 - Type : FILE-OFFICE - Revision : 4
2014-11-16 Microsoft Office Word styleWithEffects use-after-free attempt
RuleID : 32147 - Type : FILE-OFFICE - Revision : 4
2014-11-16 Microsoft Office .CGM file cell array heap overflow attempt
RuleID : 32064 - Type : FILE-OFFICE - Revision : 4
2014-11-16 Microsoft Office .CGM file cell array heap overflow attempt
RuleID : 32063 - Type : FILE-OFFICE - Revision : 3
2014-11-16 Microsoft Office .CGM file cell array heap overflow attempt
RuleID : 32062 - Type : FILE-OFFICE - Revision : 4
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28526 - Type : FILE-OFFICE - Revision : 8
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28525 - Type : FILE-OFFICE - Revision : 9
2014-01-10 Microsoft GDI library TIFF handling memory corruption attempt
RuleID : 28488 - Type : OS-WINDOWS - Revision : 3
2014-01-10 Microsoft GDI library TIFF handling memory corruption attempt
RuleID : 28487 - Type : OS-WINDOWS - Revision : 3
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28473 - Type : FILE-OFFICE - Revision : 8
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28472 - Type : FILE-OFFICE - Revision : 9
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28471 - Type : FILE-OFFICE - Revision : 9
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28470 - Type : FILE-OFFICE - Revision : 9
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28469 - Type : FILE-OFFICE - Revision : 9
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28468 - Type : FILE-OFFICE - Revision : 9
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28467 - Type : FILE-OFFICE - Revision : 9
2014-01-10 Microsoft Office GDI library TIFF handling integer overflow attempt
RuleID : 28466 - Type : FILE-OFFICE - Revision : 10

Nessus® Vulnerability Scanner

id Description
2017-06-14 Name: An application installed on the remote Windows host is affected by multiple v...
File: smb_nt_ms17_jun_office.nasl - Type: ACT_GATHER_INFO
2017-06-14 Name: An application installed on the remote Windows host is affected by multiple v...
File: smb_nt_ms17_jun_office_sharepoint.nasl - Type: ACT_GATHER_INFO
2017-06-14 Name: An application installed on the remote Windows host is affected by multiple v...
File: smb_nt_ms17_jun_office_web.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macosx_ms17_june_office.nasl - Type: ACT_GATHER_INFO
2015-08-12 Name: The remote Windows host is affected by multiple remote code execution vulnera...
File: smb_nt_ms15-081.nasl - Type: ACT_GATHER_INFO
2014-10-15 Name: An application installed on the remote Mac OS X host is affected by a remote ...
File: macosx_ms14-061.nasl - Type: ACT_GATHER_INFO
2014-10-15 Name: The remote host is affected by a remote code execution vulnerability.
File: smb_nt_ms14-061.nasl - Type: ACT_GATHER_INFO
2013-12-11 Name: The remote Windows host has a remote code execution vulnerability.
File: smb_nt_ms13-096.nasl - Type: ACT_GATHER_INFO
2013-09-17 Name: The version of Microsoft Office installed on the remote Windows host has a pr...
File: smb_nt_ms13-075.nasl - Type: ACT_GATHER_INFO
2012-08-15 Name: Arbitrary code can be executed on the remote host through Microsoft Office.
File: smb_nt_ms12-057.nasl - Type: ACT_GATHER_INFO
2012-07-11 Name: Arbitrary code can be executed on the remote host through Visual Basic for Ap...
File: smb_nt_ms12-046.nasl - Type: ACT_GATHER_INFO
2012-06-13 Name: Arbitrary code can be executed on the remote host through Microsoft Lync.
File: smb_nt_ms12-039.nasl - Type: ACT_GATHER_INFO
2012-05-09 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms12-034.nasl - Type: ACT_GATHER_INFO
2012-05-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms12-034.nasl - Type: ACT_GATHER_INFO