Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2015-10-13 |
| Product | Excel | Last view | 2020-06-09 |
| Version | 2016 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:microsoft:excel | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 8.8 | 2020-06-09 | CVE-2020-1226 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1225. |
| 8.8 | 2020-06-09 | CVE-2020-1225 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1226. |
| 8.8 | 2020-04-15 | CVE-2020-0906 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0979. |
| 8.8 | 2020-04-15 | CVE-2020-0760 | A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991. |
| 8.8 | 2020-02-11 | CVE-2020-0759 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. |
| 7.8 | 2020-01-14 | CVE-2020-0652 | A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Memory Corruption Vulnerability'. |
| 7.8 | 2020-01-14 | CVE-2020-0651 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0653. |
| 7.8 | 2020-01-14 | CVE-2020-0650 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0651, CVE-2020-0653. |
| 5.5 | 2019-12-10 | CVE-2019-1464 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. |
| 5.5 | 2019-11-12 | CVE-2019-1446 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. |
| 8.8 | 2019-10-10 | CVE-2019-1331 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327. |
| 8.8 | 2019-10-10 | CVE-2019-1327 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1331. |
| 8.8 | 2019-09-11 | CVE-2019-1297 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. |
| 5.5 | 2019-09-11 | CVE-2019-1263 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. |
| 8.8 | 2019-07-15 | CVE-2019-1111 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1110. |
| 8.8 | 2019-07-15 | CVE-2019-1110 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1111. |
| 7.8 | 2019-04-09 | CVE-2019-0828 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. |
| 6.5 | 2019-03-05 | CVE-2019-0669 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. |
| 7.8 | 2018-12-11 | CVE-2018-8636 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8597. |
| 5.5 | 2018-12-11 | CVE-2018-8627 | An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598. |
| 4.7 | 2018-12-11 | CVE-2018-8598 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8627. |
| 7.8 | 2018-12-11 | CVE-2018-8597 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8636. |
| 7.8 | 2018-11-13 | CVE-2018-8577 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8574. |
| 8.8 | 2018-10-10 | CVE-2018-8502 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in Protected View, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. |
| 5.5 | 2018-09-12 | CVE-2018-8429 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 65% (40) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 19% (12) | CWE-200 | Information Exposure |
| 9% (6) | CWE-20 | Improper Input Validation |
| 1% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 1% (1) | CWE-254 | Security Features |
| 1% (1) | CWE-125 | Out-of-bounds Read |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-03-12 | Microsoft Excel information disclosure attempt RuleID : 49133 - Type : FILE-OFFICE - Revision : 1 |
| 2019-03-12 | Microsoft Excel information disclosure attempt RuleID : 49132 - Type : FILE-OFFICE - Revision : 1 |
| 2018-09-11 | Microsoft Office Excel use after free attempt RuleID : 47496 - Type : FILE-OFFICE - Revision : 1 |
| 2018-09-11 | Microsoft Office Excel use after free attempt RuleID : 47495 - Type : FILE-OFFICE - Revision : 1 |
| 2018-08-16 | Microsoft Office Excel fileVersion use-after-free attempt RuleID : 47204 - Type : FILE-OFFICE - Revision : 1 |
| 2018-08-16 | Microsoft Office Excel fileVersion use-after-free attempt RuleID : 47203 - Type : FILE-OFFICE - Revision : 1 |
| 2018-08-16 | Microsoft Office Excel fileVersion use-after-free attempt RuleID : 47202 - Type : FILE-OFFICE - Revision : 2 |
| 2018-08-16 | Microsoft Office Excel fileVersion use-after-free attempt RuleID : 47201 - Type : FILE-OFFICE - Revision : 2 |
| 2018-08-16 | Microsoft Office Excel fileVersion use-after-free attempt RuleID : 47200 - Type : FILE-OFFICE - Revision : 1 |
| 2018-08-16 | Microsoft Office Excel fileVersion use-after-free attempt RuleID : 47199 - Type : FILE-OFFICE - Revision : 1 |
| 2018-08-16 | Microsoft Office Excel ddeService command execution attempt RuleID : 47176 - Type : FILE-OFFICE - Revision : 1 |
| 2018-08-16 | Microsoft Office Excel ddeService command execution attempt RuleID : 47175 - Type : FILE-OFFICE - Revision : 1 |
| 2018-07-31 | Microsoft Office Excel empty bookViews element denial of service attempt RuleID : 47056 - Type : FILE-OFFICE - Revision : 1 |
| 2018-07-31 | Microsoft Office Excel empty bookViews element denial of service attempt RuleID : 47055 - Type : FILE-OFFICE - Revision : 1 |
| 2018-06-07 | Microsoft Office Excel remote code execution attempt RuleID : 46557 - Type : FILE-OFFICE - Revision : 2 |
| 2018-06-07 | Microsoft Office Excel remote code execution attempt RuleID : 46556 - Type : FILE-OFFICE - Revision : 2 |
| 2018-06-07 | Microsoft Office Excel remote code execution attempt RuleID : 46553 - Type : FILE-OFFICE - Revision : 2 |
| 2018-06-07 | Microsoft Office Excel remote code execution attempt RuleID : 46552 - Type : FILE-OFFICE - Revision : 2 |
| 2018-05-10 | Microsoft Office Excel use after free remote code execution attempt RuleID : 46181 - Type : FILE-OFFICE - Revision : 2 |
| 2018-05-10 | Microsoft Office Excel use after free remote code execution attempt RuleID : 46180 - Type : FILE-OFFICE - Revision : 2 |
| 2017-12-13 | Microsoft Office Excel use after free vulnerability exploit attempt RuleID : 44822 - Type : FILE-OFFICE - Revision : 3 |
| 2017-12-13 | Microsoft Office Excel use after free vulnerability exploit attempt RuleID : 44821 - Type : FILE-OFFICE - Revision : 3 |
| 2017-03-14 | Microsoft Office Excel malformed CellXF memory corruption attempt RuleID : 41582 - Type : FILE-OFFICE - Revision : 5 |
| 2017-03-14 | Microsoft Office Excel malformed CellXF memory corruption attempt RuleID : 41581 - Type : FILE-OFFICE - Revision : 5 |
| 2017-03-14 | Microsoft Office Excel xlsb use-after-free attempt RuleID : 41566 - Type : FILE-OFFICE - Revision : 4 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-12-13 | Name: An application installed on the remote macOS or Mac OS X host is affected by ... File: macos_ms18_dec_office.nasl - Type: ACT_GATHER_INFO |
| 2018-11-14 | Name: An application installed on the remote macOS or Mac OS X host is affected by ... File: macos_ms18_nov_office.nasl - Type: ACT_GATHER_INFO |
| 2018-09-11 | Name: An application installed on the remote macOS or Mac OS X host is affected by ... File: macos_ms18_sep_office.nasl - Type: ACT_GATHER_INFO |
| 2018-08-14 | Name: An application installed on the remote macOS or Mac OS X host is affected by ... File: macos_ms18_aug_office.nasl - Type: ACT_GATHER_INFO |
| 2018-05-21 | Name: An application installed on the remote macOS or Mac OS X host is affected by ... File: macos_ms18_may_office.nasl - Type: ACT_GATHER_INFO |
| 2018-04-12 | Name: An application installed on the remote macOS or Mac OS X host is affected by ... File: macos_ms18_apr_office.nasl - Type: ACT_GATHER_INFO |
| 2018-03-13 | Name: An application installed on the remote macOS or Mac OS X host is affected by ... File: macos_ms18_mar_office.nasl - Type: ACT_GATHER_INFO |
| 2017-11-14 | Name: The Microsoft Excel Products are affected by multiple vulnerabilities. File: smb_nt_ms17_nov_excel.nasl - Type: ACT_GATHER_INFO |
| 2017-11-14 | Name: An application installed on the remote macOS or Mac OS X host is affected by ... File: macosx_ms17_nov_office.nasl - Type: ACT_GATHER_INFO |
| 2017-11-14 | Name: The Microsoft Office Products are affected by multiple vulnerabilities. File: smb_nt_ms17_nov_office_compatibility.nasl - Type: ACT_GATHER_INFO |
| 2017-11-14 | Name: The Microsoft Office Viewer Products are affected by multiple vulnerabilities. File: smb_nt_ms17_nov_office_viewers.nasl - Type: ACT_GATHER_INFO |
| 2017-09-13 | Name: An application installed on the remote Windows host is affected by multiple r... File: smb_nt_ms17_sep_office_web.nasl - Type: ACT_GATHER_INFO |
| 2017-09-12 | Name: The Microsoft Office Products are affected by multiple vulnerabilities. File: smb_nt_ms17_sep_office_viewers.nasl - Type: ACT_GATHER_INFO |
| 2017-09-12 | Name: The Microsoft Sharepoint Server installation on the remote host is affected b... File: smb_nt_ms17_sep_office_sharepoint.nasl - Type: ACT_GATHER_INFO |
| 2017-09-12 | Name: Microsoft Office Compatibility Pack SP3 is affected by multiple vulnerabilities. File: smb_nt_ms17_sep_office_compatibility.nasl - Type: ACT_GATHER_INFO |
| 2017-09-12 | Name: The Microsoft Excel Products are affected by multiple vulnerabilities. File: smb_nt_ms17_sep_excel.nasl - Type: ACT_GATHER_INFO |
| 2017-09-12 | Name: An application installed on the remote macOS or Mac OS X host is affected by ... File: macosx_ms17_sep_office.nasl - Type: ACT_GATHER_INFO |
| 2017-07-11 | Name: An application installed on the remote macOS or Mac OS X host is affected by ... File: macosx_ms17_july_office.nasl - Type: ACT_GATHER_INFO |
| 2017-07-11 | Name: An application installed on the remote Windows host is affected by multiple r... File: smb_nt_ms17_jul_office_web.nasl - Type: ACT_GATHER_INFO |
| 2017-07-11 | Name: An application installed on the remote Windows host is affected by multiple v... File: smb_nt_ms17_jul_office_sharepoint.nasl - Type: ACT_GATHER_INFO |
| 2017-07-11 | Name: An application installed on the remote Windows host is affected by multiple r... File: smb_nt_ms17_jul_office.nasl - Type: ACT_GATHER_INFO |
| 2017-03-15 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: smb_nt_ms17-014.nasl - Type: ACT_GATHER_INFO |
| 2017-03-15 | Name: An application installed on the remote macOS or Mac OS X host is affected by ... File: macosx_ms17-014_office.nasl - Type: ACT_GATHER_INFO |
| 2016-12-14 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: smb_nt_ms16-148.nasl - Type: ACT_GATHER_INFO |
| 2016-12-14 | Name: An application installed on the remote macOS or Mac OS X host is affected by ... File: macosx_ms16-148_office.nasl - Type: ACT_GATHER_INFO |
