Summary
Detail | |||
---|---|---|---|
Vendor | Microsoft | First view | 2012-05-08 |
Product | Office | Last view | 2017-06-14 |
Version | 2010 | Type | Application |
Update | sp1 | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:microsoft:office |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.8 | 2017-06-14 | CVE-2017-8511 | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506. |
9.3 | 2015-08-14 | CVE-2015-2466 | Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted template, aka "Microsoft Office Remote Code Execution Vulnerability." |
9.3 | 2014-10-15 | CVE-2014-4117 | Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka "Microsoft Word File Format Vulnerability." |
7.8 | 2013-11-06 | CVE-2013-3906 | GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013. |
6.9 | 2013-09-11 | CVE-2013-3859 | Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability." |
9.3 | 2012-08-14 | CVE-2012-2524 | Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability." |
6.9 | 2012-07-10 | CVE-2012-1854 | Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012. |
9.3 | 2012-05-08 | CVE-2012-0165 | GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability." |
9.3 | 2012-05-08 | CVE-2012-0159 | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
42% (3) | CWE-20 | Improper Input Validation |
14% (1) | CWE-399 | Resource Management Errors |
14% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
14% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
14% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
ExploitDB Exploits
id | Description |
---|---|
30011 | Microsoft Tagged Image File Format (TIFF) Integer Overflow |
OpenVAS Exploits
id | Description |
---|---|
2012-08-15 | Name : Microsoft Office Remote Code Execution Vulnerability (2731879) File : nvt/secpod_ms12-057.nasl |
2012-07-11 | Name : Visual Basic for Applications Remote Code Execution Vulnerability (2707960) File : nvt/secpod_ms12-046.nasl |
2012-06-13 | Name : Microsoft Lync Remote Code Execution Vulnerabilities (2707956) File : nvt/secpod_ms12-039.nasl |
2012-05-14 | Name : Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X) File : nvt/secpod_ms12-034_macosx.nasl |
2012-05-09 | Name : MS Security Update For Microsoft Office, .NET Framework, and Silverlight (268... File : nvt/secpod_ms12-034.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0194 | Multiple Vulnerabilities in Microsoft Office (MS15-081) Severity: Category II - VMSKEY: V0061307 |
2013-A-0225 | Microsoft GDI Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0042593 |
2013-B-0102 | Microsoft Office Input Method Editor (IME) Privilege Escalation Vulnerability Severity: Category II - VMSKEY: V0040301 |
2012-B-0075 | Microsoft Office Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0033652 |
2012-A-0109 | Microsoft Visual Basic for Applications Remote Code Execution Vulnerability Severity: Category I - VMSKEY: V0033311 |
Snort® IPS/IDS
Date | Description |
---|---|
2019-03-26 | Microsoft Office Word styleWithEffects use-after-free attempt RuleID : 49254 - Type : FILE-OFFICE - Revision : 4 |
2019-03-26 | Microsoft Office Word styleWithEffects use-after-free attempt RuleID : 49253 - Type : FILE-OFFICE - Revision : 4 |
2015-09-10 | Microsoft cabinet file default sha1 signature detected RuleID : 35528 - Type : POLICY-OTHER - Revision : 3 |
2015-09-10 | Microsoft cabinet file default sha1 signature detected RuleID : 35527 - Type : POLICY-OTHER - Revision : 3 |
2015-08-04 | Microsoft Office Word nested tblStylePr element use after free attempt RuleID : 35021 - Type : FILE-OFFICE - Revision : 3 |
2015-08-04 | Microsoft Office Word nested tblStylePr element use after free attempt RuleID : 35020 - Type : FILE-OFFICE - Revision : 4 |
2015-08-04 | Microsoft Office Word nested tblStylePr element use after free attempt RuleID : 35019 - Type : FILE-OFFICE - Revision : 3 |
2015-08-04 | Microsoft Office Word nested tblStylePr element use after free attempt RuleID : 35018 - Type : FILE-OFFICE - Revision : 3 |
2014-11-16 | Microsoft Office Word styleWithEffects use-after-free attempt RuleID : 32148 - Type : FILE-OFFICE - Revision : 4 |
2014-11-16 | Microsoft Office Word styleWithEffects use-after-free attempt RuleID : 32147 - Type : FILE-OFFICE - Revision : 4 |
2014-11-16 | Microsoft Office .CGM file cell array heap overflow attempt RuleID : 32064 - Type : FILE-OFFICE - Revision : 4 |
2014-11-16 | Microsoft Office .CGM file cell array heap overflow attempt RuleID : 32063 - Type : FILE-OFFICE - Revision : 3 |
2014-11-16 | Microsoft Office .CGM file cell array heap overflow attempt RuleID : 32062 - Type : FILE-OFFICE - Revision : 4 |
2014-01-10 | Microsoft Office GDI library TIFF handling integer overflow attempt RuleID : 28526 - Type : FILE-OFFICE - Revision : 8 |
2014-01-10 | Microsoft Office GDI library TIFF handling integer overflow attempt RuleID : 28525 - Type : FILE-OFFICE - Revision : 9 |
2014-01-10 | Microsoft GDI library TIFF handling memory corruption attempt RuleID : 28488 - Type : OS-WINDOWS - Revision : 3 |
2014-01-10 | Microsoft GDI library TIFF handling memory corruption attempt RuleID : 28487 - Type : OS-WINDOWS - Revision : 3 |
2014-01-10 | Microsoft Office GDI library TIFF handling integer overflow attempt RuleID : 28473 - Type : FILE-OFFICE - Revision : 8 |
2014-01-10 | Microsoft Office GDI library TIFF handling integer overflow attempt RuleID : 28472 - Type : FILE-OFFICE - Revision : 9 |
2014-01-10 | Microsoft Office GDI library TIFF handling integer overflow attempt RuleID : 28471 - Type : FILE-OFFICE - Revision : 9 |
2014-01-10 | Microsoft Office GDI library TIFF handling integer overflow attempt RuleID : 28470 - Type : FILE-OFFICE - Revision : 9 |
2014-01-10 | Microsoft Office GDI library TIFF handling integer overflow attempt RuleID : 28469 - Type : FILE-OFFICE - Revision : 9 |
2014-01-10 | Microsoft Office GDI library TIFF handling integer overflow attempt RuleID : 28468 - Type : FILE-OFFICE - Revision : 9 |
2014-01-10 | Microsoft Office GDI library TIFF handling integer overflow attempt RuleID : 28467 - Type : FILE-OFFICE - Revision : 9 |
2014-01-10 | Microsoft Office GDI library TIFF handling integer overflow attempt RuleID : 28466 - Type : FILE-OFFICE - Revision : 10 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2017-06-14 | Name: An application installed on the remote Windows host is affected by multiple v... File: smb_nt_ms17_jun_office.nasl - Type: ACT_GATHER_INFO |
2017-06-14 | Name: An application installed on the remote Windows host is affected by multiple v... File: smb_nt_ms17_jun_office_sharepoint.nasl - Type: ACT_GATHER_INFO |
2017-06-14 | Name: An application installed on the remote Windows host is affected by multiple v... File: smb_nt_ms17_jun_office_web.nasl - Type: ACT_GATHER_INFO |
2017-06-13 | Name: An application installed on the remote macOS or Mac OS X host is affected by ... File: macosx_ms17_june_office.nasl - Type: ACT_GATHER_INFO |
2015-08-12 | Name: The remote Windows host is affected by multiple remote code execution vulnera... File: smb_nt_ms15-081.nasl - Type: ACT_GATHER_INFO |
2014-10-15 | Name: An application installed on the remote Mac OS X host is affected by a remote ... File: macosx_ms14-061.nasl - Type: ACT_GATHER_INFO |
2014-10-15 | Name: The remote host is affected by a remote code execution vulnerability. File: smb_nt_ms14-061.nasl - Type: ACT_GATHER_INFO |
2013-12-11 | Name: The remote Windows host has a remote code execution vulnerability. File: smb_nt_ms13-096.nasl - Type: ACT_GATHER_INFO |
2013-09-17 | Name: The version of Microsoft Office installed on the remote Windows host has a pr... File: smb_nt_ms13-075.nasl - Type: ACT_GATHER_INFO |
2012-08-15 | Name: Arbitrary code can be executed on the remote host through Microsoft Office. File: smb_nt_ms12-057.nasl - Type: ACT_GATHER_INFO |
2012-07-11 | Name: Arbitrary code can be executed on the remote host through Visual Basic for Ap... File: smb_nt_ms12-046.nasl - Type: ACT_GATHER_INFO |
2012-06-13 | Name: Arbitrary code can be executed on the remote host through Microsoft Lync. File: smb_nt_ms12-039.nasl - Type: ACT_GATHER_INFO |
2012-05-09 | Name: A multimedia application framework installed on the remote Mac OS X host is a... File: macosx_ms12-034.nasl - Type: ACT_GATHER_INFO |
2012-05-09 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms12-034.nasl - Type: ACT_GATHER_INFO |