This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2010-10-13
Product Excel Last view 2018-03-14
Version 2007 Type Application
Update sp3  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:excel

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2018-03-14 CVE-2018-0907

Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac allow a security feature bypass vulnerability due to how macro settings are enforced, aka "Microsoft Office Excel Security Feature Bypass".

8.8 2018-01-09 CVE-2018-0796

Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".

7.8 2017-07-11 CVE-2017-8501

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502.

5.5 2017-04-12 CVE-2017-0194

Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

7.8 2017-03-16 CVE-2017-0052

Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0053.

4.7 2017-03-16 CVE-2017-0027

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

7.8 2017-03-16 CVE-2017-0006

Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.

7.8 2016-12-20 CVE-2016-7266

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka "Microsoft Office Security Feature Bypass Vulnerability."

7.1 2016-12-20 CVE-2016-7265

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."

7.1 2016-12-20 CVE-2016-7264

Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."

7.8 2016-12-20 CVE-2016-7262

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."

7.8 2016-11-10 CVE-2016-7231

Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-11-10 CVE-2016-7229

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-11-10 CVE-2016-7228

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-11-10 CVE-2016-7213

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-09-14 CVE-2016-3381

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3363.

7.8 2016-09-14 CVE-2016-3365

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3362.

7.8 2016-09-14 CVE-2016-3363

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3381.

7.8 2016-09-14 CVE-2016-3362

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3365.

7.8 2016-09-14 CVE-2016-3359

Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-09-14 CVE-2016-3358

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-07-12 CVE-2016-3284

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

7.3 2016-06-15 CVE-2016-3233

Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-04-12 CVE-2016-0136

Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-04-12 CVE-2016-0122

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

CWE : Common Weakness Enumeration

%idName
64% (36) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
7% (4) CWE-264 Permissions, Privileges, and Access Controls
7% (4) CWE-200 Information Exposure
7% (4) CWE-20 Improper Input Validation
5% (3) CWE-399 Resource Management Errors
3% (2) CWE-125 Out-of-bounds Read
3% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
1% (1) CWE-19 Data Handling

Open Source Vulnerability Database (OSVDB)

id Description
68571 Microsoft Office Excel File Format Parsing Remote Code Execution

OpenVAS Exploits

id Description
2012-11-14 Name : Microsoft Office Remote Code Execution Vulnerabilities (2720184)
File : nvt/secpod_ms12-076.nasl
2012-11-14 Name : Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
File : nvt/secpod_ms12-076_macosx.nasl
2012-05-09 Name : Microsoft Office Remote Code Execution Vulnerabilities (2663830)
File : nvt/secpod_ms12-030.nasl
2012-05-09 Name : Microsoft Office Remote Code Execution Vulnerabilities-2663830 (Mac OS X)
File : nvt/secpod_ms12-030_macosx.nasl
2010-10-13 Name : Microsoft Office Excel Remote Code Execution Vulnerabilities (2293211)
File : nvt/secpod_ms10-080.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0214 Multiple Vulnerabilities in Microsoft Office (MS15-099)
Severity: Category II - VMSKEY: V0061389
2015-A-0188 Cumulative Security Update for Microsoft Internet Explorer (MS15-079)
Severity: Category I - VMSKEY: V0061297
2015-A-0194 Multiple Vulnerabilities in Microsoft Office (MS15-081)
Severity: Category II - VMSKEY: V0061307
2015-A-0197 Microsoft Command Line Parameter Information Disclosure Vulnerability (MS15-088)
Severity: Category II - VMSKEY: V0061313
2015-A-0163 Multiple Vulnerabilities in Microsoft Office (MS15-070)
Severity: Category II - VMSKEY: V0061121
2015-A-0052 Multiple Vulnerabilities in Microsoft Office (MS15-022)
Severity: Category II - VMSKEY: V0058999
2015-A-0037 Multiple Remote Code Execution Vulnerabilities in Microsoft Office (MS15-012)
Severity: Category II - VMSKEY: V0058751
2013-B-0114 Multiple Vulnerabilities in Microsoft Office Excel
Severity: Category II - VMSKEY: V0040757
2013-A-0174 Multiple Remote Code Execution Vulnerabilities in Microsoft SharePoint Server
Severity: Category II - VMSKEY: V0040292
2013-A-0171 Multiple Remote Code Execution Vulnerabilities in Microsoft Excel
Severity: Category I - VMSKEY: V0040295

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-10-23 Microsoft Office Excel invalid Window2 BIFF record value attempt
RuleID : 51568 - Type : FILE-OFFICE - Revision : 1
2019-10-23 Microsoft Office Excel invalid Window2 BIFF record value attempt
RuleID : 51567 - Type : FILE-OFFICE - Revision : 1
2019-10-23 Microsoft Office Excel invalid Window2 BIFF record value attempt
RuleID : 51566 - Type : FILE-OFFICE - Revision : 1
2019-10-23 Microsoft Office Excel invalid Window2 BIFF record value attempt
RuleID : 51565 - Type : FILE-OFFICE - Revision : 1
2019-07-23 Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 50462 - Type : FILE-OFFICE - Revision : 1
2019-07-23 Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 50461 - Type : FILE-OFFICE - Revision : 1
2018-08-16 Microsoft Office Excel fileVersion use-after-free attempt
RuleID : 47204 - Type : FILE-OFFICE - Revision : 1
2018-08-16 Microsoft Office Excel fileVersion use-after-free attempt
RuleID : 47203 - Type : FILE-OFFICE - Revision : 1
2018-08-16 Microsoft Office Excel fileVersion use-after-free attempt
RuleID : 47202 - Type : FILE-OFFICE - Revision : 2
2018-08-16 Microsoft Office Excel fileVersion use-after-free attempt
RuleID : 47201 - Type : FILE-OFFICE - Revision : 2
2018-08-16 Microsoft Office Excel fileVersion use-after-free attempt
RuleID : 47200 - Type : FILE-OFFICE - Revision : 1
2018-08-16 Microsoft Office Excel fileVersion use-after-free attempt
RuleID : 47199 - Type : FILE-OFFICE - Revision : 1
2018-08-16 Microsoft Office Excel ddeService command execution attempt
RuleID : 47176 - Type : FILE-OFFICE - Revision : 1
2018-08-16 Microsoft Office Excel ddeService command execution attempt
RuleID : 47175 - Type : FILE-OFFICE - Revision : 1
2018-07-31 Microsoft Office Excel empty bookViews element denial of service attempt
RuleID : 47056 - Type : FILE-OFFICE - Revision : 1
2018-07-31 Microsoft Office Excel empty bookViews element denial of service attempt
RuleID : 47055 - Type : FILE-OFFICE - Revision : 1
2017-05-09 Microsoft Office Excel out of bounds memory attempt
RuleID : 42162 - Type : FILE-OFFICE - Revision : 2
2017-05-09 Microsoft Office Excel out of bounds memory attempt
RuleID : 42161 - Type : FILE-OFFICE - Revision : 2
2017-04-12 Microsoft Office Excel shared strings memory corruption attempt
RuleID : 41980 - Type : FILE-OFFICE - Revision : 3
2017-04-12 Microsoft Office Excel shared strings memory corruption attempt
RuleID : 41979 - Type : FILE-OFFICE - Revision : 3
2017-04-12 Microsoft Office Excel shared strings memory corruption attempt
RuleID : 41977 - Type : FILE-OFFICE - Revision : 3
2017-04-12 Microsoft Office Excel shared strings memory corruption attempt
RuleID : 41976 - Type : FILE-OFFICE - Revision : 3
2017-03-30 Microsoft Office Excel SXLI record integer overrun attempt
RuleID : 41731 - Type : FILE-OFFICE - Revision : 2
2017-03-30 Microsoft Office Excel SXLI record integer overrun attempt
RuleID : 41730 - Type : FILE-OFFICE - Revision : 2
2017-03-30 Microsoft Office Excel SXLI record integer overrun attempt
RuleID : 41729 - Type : FILE-OFFICE - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-03-13 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macos_ms18_mar_office.nasl - Type: ACT_GATHER_INFO
2017-07-11 Name: An application installed on the remote Windows host is affected by multiple r...
File: smb_nt_ms17_jul_office_web.nasl - Type: ACT_GATHER_INFO
2017-07-11 Name: An application installed on the remote Windows host is affected by multiple v...
File: smb_nt_ms17_jul_office_sharepoint.nasl - Type: ACT_GATHER_INFO
2017-07-11 Name: An application installed on the remote Windows host is affected by multiple r...
File: smb_nt_ms17_jul_office.nasl - Type: ACT_GATHER_INFO
2017-07-11 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macosx_ms17_july_office.nasl - Type: ACT_GATHER_INFO
2017-04-12 Name: An application installed on the remote Windows host is affected by multiple v...
File: smb_nt_ms17_apr_office.nasl - Type: ACT_GATHER_INFO
2017-03-15 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: smb_nt_ms17-014.nasl - Type: ACT_GATHER_INFO
2017-03-15 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macosx_ms17-014_office.nasl - Type: ACT_GATHER_INFO
2016-12-14 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: smb_nt_ms16-148.nasl - Type: ACT_GATHER_INFO
2016-12-14 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macosx_ms16-148_office.nasl - Type: ACT_GATHER_INFO
2016-11-16 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macosx_ms16-133_office.nasl - Type: ACT_GATHER_INFO
2016-11-08 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: smb_nt_ms16-133.nasl - Type: ACT_GATHER_INFO
2016-09-15 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms16-107_office.nasl - Type: ACT_GATHER_INFO
2016-09-14 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: smb_nt_ms16-107.nasl - Type: ACT_GATHER_INFO
2016-07-12 Name: An application installed on the remote Windows host is affected by multiple v...
File: smb_nt_ms16-088.nasl - Type: ACT_GATHER_INFO
2016-07-12 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms16-088_office.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: An application installed on the remote Windows host is affected by multiple v...
File: smb_nt_ms16-070.nasl - Type: ACT_GATHER_INFO
2016-04-12 Name: An application installed on the remote Windows host is affected by multiple r...
File: smb_nt_ms16-042.nasl - Type: ACT_GATHER_INFO
2016-04-12 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms16-042_office.nasl - Type: ACT_GATHER_INFO
2016-02-22 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms16-015_office.nasl - Type: ACT_GATHER_INFO
2016-02-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms16-015.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms16-004.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms16-004_office.nasl - Type: ACT_GATHER_INFO
2015-12-11 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms15-131_office.nasl - Type: ACT_GATHER_INFO
2015-12-08 Name: The remote Windows host is affected by multiple remote code execution vulnera...
File: smb_nt_ms15-131.nasl - Type: ACT_GATHER_INFO