This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2013-09-11
Product Excel Last view 2017-03-16
Version 2010 Type Application
Update sp2  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware x64  
Other *  
 
CPE Product cpe:2.3:a:microsoft:excel

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
4.7 2017-03-16 CVE-2017-0027

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

7.8 2016-12-20 CVE-2016-7266

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka "Microsoft Office Security Feature Bypass Vulnerability."

7.3 2016-06-15 CVE-2016-3233

Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-02-10 CVE-2016-0054

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-01-13 CVE-2016-0035

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

4.3 2016-01-13 CVE-2016-0012

Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office 2016, Excel 2016, PowerPoint 2016, Visio 2016, Word 2016, and Visual Basic 6.0 Runtime allow remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Microsoft Office ASLR Bypass."

9.3 2015-12-09 CVE-2015-6122

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3 2015-12-09 CVE-2015-6040

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3 2015-11-11 CVE-2015-6094

Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3 2015-11-11 CVE-2015-6038

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3 2015-11-11 CVE-2015-2503

Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability."

9.3 2015-10-13 CVE-2015-2558

Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Excel Viewer, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a long fileVersion element in an Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3 2015-10-13 CVE-2015-2555

Use-after-free vulnerability in Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted calculatedColumnFormula object in an Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3 2015-09-08 CVE-2015-2523

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3 2015-09-08 CVE-2015-2520

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

6.9 2015-07-14 CVE-2015-2378

Untrusted search path vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 SP3, and Office Compatibility Pack SP3 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Microsoft Excel DLL Remote Code Execution Vulnerability."

9.3 2015-07-14 CVE-2015-2377

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3 2015-07-14 CVE-2015-2376

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

4.3 2015-07-14 CVE-2015-2375

Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka "Microsoft Excel ASLR Bypass Vulnerability."

9.3 2015-05-13 CVE-2015-1682

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, PowerPoint Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, SharePoint Foundation 2010 SP2, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3 2015-02-10 CVE-2015-0063

Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Excel Remote Code Execution Vulnerability."

9.3 2014-12-10 CVE-2014-6361

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Excel Invalid Pointer Remote Code Execution Vulnerability."

9.3 2014-12-10 CVE-2014-6360

Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Global Free Remote Code Execution in Excel Vulnerability."

9.3 2013-10-09 CVE-2013-3889

Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."

4.3 2013-09-11 CVE-2013-3159

Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "XML External Entities Resolution Vulnerability."

CWE : Common Weakness Enumeration

%idName
60% (14) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
13% (3) CWE-200 Information Exposure
8% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
8% (2) CWE-20 Improper Input Validation
4% (1) CWE-399 Resource Management Errors
4% (1) CWE-264 Permissions, Privileges, and Access Controls

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0214 Multiple Vulnerabilities in Microsoft Office (MS15-099)
Severity: Category II - VMSKEY: V0061389
2015-A-0163 Multiple Vulnerabilities in Microsoft Office (MS15-070)
Severity: Category II - VMSKEY: V0061121
2015-A-0103 Multiple Vulnerabilities in Microsoft Office Products (MS15-046)
Severity: Category II - VMSKEY: V0060643
2015-A-0037 Multiple Remote Code Execution Vulnerabilities in Microsoft Office (MS15-012)
Severity: Category II - VMSKEY: V0058751
2013-B-0114 Multiple Vulnerabilities in Microsoft Office Excel
Severity: Category II - VMSKEY: V0040757
2013-B-0116 Microsoft SharePoint Remote Code Execution Vulnerabilities
Severity: Category II - VMSKEY: V0040765
2013-A-0174 Multiple Remote Code Execution Vulnerabilities in Microsoft SharePoint Server
Severity: Category II - VMSKEY: V0040292
2013-A-0171 Multiple Remote Code Execution Vulnerabilities in Microsoft Excel
Severity: Category I - VMSKEY: V0040295

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-07-23 Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 50462 - Type : FILE-OFFICE - Revision : 1
2019-07-23 Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 50461 - Type : FILE-OFFICE - Revision : 1
2018-08-16 Microsoft Office Excel fileVersion use-after-free attempt
RuleID : 47204 - Type : FILE-OFFICE - Revision : 1
2018-08-16 Microsoft Office Excel fileVersion use-after-free attempt
RuleID : 47203 - Type : FILE-OFFICE - Revision : 1
2018-08-16 Microsoft Office Excel fileVersion use-after-free attempt
RuleID : 47202 - Type : FILE-OFFICE - Revision : 2
2018-08-16 Microsoft Office Excel fileVersion use-after-free attempt
RuleID : 47201 - Type : FILE-OFFICE - Revision : 2
2018-08-16 Microsoft Office Excel fileVersion use-after-free attempt
RuleID : 47200 - Type : FILE-OFFICE - Revision : 1
2018-08-16 Microsoft Office Excel fileVersion use-after-free attempt
RuleID : 47199 - Type : FILE-OFFICE - Revision : 1
2017-03-14 Microsoft Office Excel malformed CellXF memory corruption attempt
RuleID : 41582 - Type : FILE-OFFICE - Revision : 5
2017-03-14 Microsoft Office Excel malformed CellXF memory corruption attempt
RuleID : 41581 - Type : FILE-OFFICE - Revision : 5
2016-11-15 Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 40460 - Type : FILE-OFFICE - Revision : 3
2016-11-15 Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 40459 - Type : FILE-OFFICE - Revision : 3
2016-07-26 Microsoft Office Excel RealTimeData record exploit attempt
RuleID : 39347 - Type : FILE-OFFICE - Revision : 2
2016-07-26 Microsoft Office Excel RealTimeData record exploit attempt
RuleID : 39346 - Type : FILE-OFFICE - Revision : 2
2016-07-13 Microsoft Office Excel malformed XLS out of bounds memory read attempt
RuleID : 39224 - Type : FILE-OFFICE - Revision : 2
2016-07-13 Microsoft Office Excel malformed XLS out of bounds memory read attempt
RuleID : 39223 - Type : FILE-OFFICE - Revision : 2
2016-03-14 Microsoft Office Excel formula length heap corruption attempt
RuleID : 37593 - Type : FILE-OFFICE - Revision : 2
2016-03-14 Microsoft Office Excel formula length heap corruption attempt
RuleID : 37592 - Type : FILE-OFFICE - Revision : 2
2016-03-14 Microsoft Office MScomctl.ocx memory leak attempt
RuleID : 37282 - Type : FILE-OTHER - Revision : 2
2016-03-14 Microsoft Office MScomctl.ocx memory leak attempt
RuleID : 37281 - Type : FILE-OTHER - Revision : 2
2016-03-14 Microsoft Office Excel mso20win32client use after free attempt
RuleID : 37260 - Type : FILE-OFFICE - Revision : 2
2016-03-14 Microsoft Office Excel mso20win32client use after free attempt
RuleID : 37259 - Type : FILE-OFFICE - Revision : 2
2016-03-14 Microsoft Office Excel StyleXF invalid icvXF out of bounds read attempt
RuleID : 36959 - Type : FILE-OFFICE - Revision : 2
2016-03-14 Microsoft Office Excel StyleXF invalid icvXF out of bounds read attempt
RuleID : 36958 - Type : FILE-OFFICE - Revision : 2
2016-03-14 Microsoft Office Excel MSO reference count use after free attempt
RuleID : 36925 - Type : FILE-OFFICE - Revision : 3

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-03-15 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: smb_nt_ms17-014.nasl - Type: ACT_GATHER_INFO
2017-03-15 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macosx_ms17-014_office.nasl - Type: ACT_GATHER_INFO
2016-12-14 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: smb_nt_ms16-148.nasl - Type: ACT_GATHER_INFO
2016-12-14 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macosx_ms16-148_office.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: An application installed on the remote Windows host is affected by multiple v...
File: smb_nt_ms16-070.nasl - Type: ACT_GATHER_INFO
2016-02-22 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms16-015_office.nasl - Type: ACT_GATHER_INFO
2016-02-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms16-015.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms16-004.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms16-004_office.nasl - Type: ACT_GATHER_INFO
2015-12-11 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms15-131_office.nasl - Type: ACT_GATHER_INFO
2015-12-08 Name: The remote Windows host is affected by multiple remote code execution vulnera...
File: smb_nt_ms15-131.nasl - Type: ACT_GATHER_INFO
2015-11-10 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-116.nasl - Type: ACT_GATHER_INFO
2015-11-10 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms15-116_office.nasl - Type: ACT_GATHER_INFO
2015-10-14 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms15-110_office.nasl - Type: ACT_GATHER_INFO
2015-10-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-110.nasl - Type: ACT_GATHER_INFO
2015-09-09 Name: The remote Windows host is affected by multiple remote code execution vulnera...
File: smb_nt_ms15-099.nasl - Type: ACT_GATHER_INFO
2015-09-09 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms15-099_office_2011.nasl - Type: ACT_GATHER_INFO
2015-07-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-070.nasl - Type: ACT_GATHER_INFO
2015-07-14 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms15-070_office_2011.nasl - Type: ACT_GATHER_INFO
2015-05-13 Name: The remote host is affected by multiple remote code execution vulnerabilities.
File: smb_nt_ms15-046.nasl - Type: ACT_GATHER_INFO
2015-05-13 Name: An application installed on the remote Mac OS X host is affected by a remote ...
File: macosx_ms15-046_office_2011.nasl - Type: ACT_GATHER_INFO
2015-02-10 Name: The remote host is affected by multiple remote code execution vulnerabilities.
File: smb_nt_ms15-012.nasl - Type: ACT_GATHER_INFO
2014-12-09 Name: The Microsoft Office component installed on the remote host is affected by mu...
File: smb_nt_ms14-083.nasl - Type: ACT_GATHER_INFO
2013-10-09 Name: The Microsoft Office component installed on the remote host is affected by mu...
File: smb_nt_ms13-085.nasl - Type: ACT_GATHER_INFO
2013-10-09 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms13-084.nasl - Type: ACT_GATHER_INFO