This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2009-02-25
Product Excel Viewer Last view 2018-01-09
Version * Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:excel_viewer

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
8.8 2018-01-09 CVE-2018-0796

Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".

7.8 2017-03-16 CVE-2017-0052

Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0053.

7.8 2017-03-16 CVE-2017-0006

Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.

7.8 2016-12-20 CVE-2016-7266

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka "Microsoft Office Security Feature Bypass Vulnerability."

7.1 2016-12-20 CVE-2016-7265

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."

7.1 2016-12-20 CVE-2016-7264

Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."

7.8 2016-12-20 CVE-2016-7262

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."

7.8 2016-11-10 CVE-2016-7231

Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-11-10 CVE-2016-7229

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-09-14 CVE-2016-3381

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3363.

7.8 2016-09-14 CVE-2016-3365

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3362.

7.8 2016-09-14 CVE-2016-3363

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3381.

7.8 2016-09-14 CVE-2016-3362

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3365.

7.8 2016-09-14 CVE-2016-3359

Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-09-14 CVE-2016-3358

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-07-12 CVE-2016-3284

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-04-12 CVE-2016-0139

Microsoft Excel 2010 SP2, Word for Mac 2011, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-04-12 CVE-2016-0122

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-02-10 CVE-2016-0054

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-01-13 CVE-2016-0035

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3 2015-12-09 CVE-2015-6177

Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3 2015-12-09 CVE-2015-6122

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3 2015-12-09 CVE-2015-6040

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3 2015-11-11 CVE-2015-6038

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3 2015-10-13 CVE-2015-2558

Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Excel Viewer, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a long fileVersion element in an Office document, aka "Microsoft Office Memory Corruption Vulnerability."

CWE : Common Weakness Enumeration

%idName
73% (28) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
7% (3) CWE-264 Permissions, Privileges, and Access Controls
5% (2) CWE-399 Resource Management Errors
5% (2) CWE-125 Out-of-bounds Read
5% (2) CWE-20 Improper Input Validation
2% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

SAINT Exploits

Description Link
Microsoft Excel SST record code execution More info here

Open Source Vulnerability Database (OSVDB)

id Description
52695 Microsoft Office Excel Crafted Document Invalid Object Reference Unspecified ...

OpenVAS Exploits

id Description
2012-11-14 Name : Microsoft Office Remote Code Execution Vulnerabilities (2720184)
File : nvt/secpod_ms12-076.nasl
2012-11-14 Name : Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
File : nvt/secpod_ms12-076_macosx.nasl
2012-11-08 Name : Microsoft Office Excel ReadAV Arbitrary Code Execution Vulnerability
File : nvt/secpod_ms_office_excel_readav_code_exec_vuln.nasl
2012-05-09 Name : Microsoft Office Remote Code Execution Vulnerabilities (2663830)
File : nvt/secpod_ms12-030.nasl
2012-05-09 Name : Microsoft Office Remote Code Execution Vulnerabilities-2663830 (Mac OS X)
File : nvt/secpod_ms12-030_macosx.nasl
2009-03-18 Name : Microsoft Excel Remote Code Execution Vulnerabilities (968557)
File : nvt/secpod_ms_excel_remote_code_exec_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0214 Multiple Vulnerabilities in Microsoft Office (MS15-099)
Severity: Category II - VMSKEY: V0061389
2015-A-0052 Multiple Vulnerabilities in Microsoft Office (MS15-022)
Severity: Category II - VMSKEY: V0058999
2015-A-0037 Multiple Remote Code Execution Vulnerabilities in Microsoft Office (MS15-012)
Severity: Category II - VMSKEY: V0058751
2013-B-0114 Multiple Vulnerabilities in Microsoft Office Excel
Severity: Category II - VMSKEY: V0040757
2013-B-0116 Microsoft SharePoint Remote Code Execution Vulnerabilities
Severity: Category II - VMSKEY: V0040765
2013-A-0174 Multiple Remote Code Execution Vulnerabilities in Microsoft SharePoint Server
Severity: Category II - VMSKEY: V0040292
2013-A-0171 Multiple Remote Code Execution Vulnerabilities in Microsoft Excel
Severity: Category I - VMSKEY: V0040295

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-10-23 Microsoft Office Excel invalid Window2 BIFF record value attempt
RuleID : 51568 - Type : FILE-OFFICE - Revision : 1
2019-10-23 Microsoft Office Excel invalid Window2 BIFF record value attempt
RuleID : 51567 - Type : FILE-OFFICE - Revision : 1
2019-10-23 Microsoft Office Excel invalid Window2 BIFF record value attempt
RuleID : 51566 - Type : FILE-OFFICE - Revision : 1
2019-10-23 Microsoft Office Excel invalid Window2 BIFF record value attempt
RuleID : 51565 - Type : FILE-OFFICE - Revision : 1
2019-07-23 Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 50462 - Type : FILE-OFFICE - Revision : 1
2019-07-23 Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 50461 - Type : FILE-OFFICE - Revision : 1
2018-08-16 Microsoft Office Excel fileVersion use-after-free attempt
RuleID : 47204 - Type : FILE-OFFICE - Revision : 1
2018-08-16 Microsoft Office Excel fileVersion use-after-free attempt
RuleID : 47203 - Type : FILE-OFFICE - Revision : 1
2018-08-16 Microsoft Office Excel fileVersion use-after-free attempt
RuleID : 47202 - Type : FILE-OFFICE - Revision : 2
2018-08-16 Microsoft Office Excel fileVersion use-after-free attempt
RuleID : 47201 - Type : FILE-OFFICE - Revision : 2
2018-08-16 Microsoft Office Excel fileVersion use-after-free attempt
RuleID : 47200 - Type : FILE-OFFICE - Revision : 1
2018-08-16 Microsoft Office Excel fileVersion use-after-free attempt
RuleID : 47199 - Type : FILE-OFFICE - Revision : 1
2018-08-16 Microsoft Office Excel ddeService command execution attempt
RuleID : 47176 - Type : FILE-OFFICE - Revision : 1
2018-08-16 Microsoft Office Excel ddeService command execution attempt
RuleID : 47175 - Type : FILE-OFFICE - Revision : 1
2018-07-31 Microsoft Office Excel empty bookViews element denial of service attempt
RuleID : 47056 - Type : FILE-OFFICE - Revision : 1
2018-07-31 Microsoft Office Excel empty bookViews element denial of service attempt
RuleID : 47055 - Type : FILE-OFFICE - Revision : 1
2017-04-12 Microsoft Office Excel shared strings memory corruption attempt
RuleID : 41980 - Type : FILE-OFFICE - Revision : 3
2017-04-12 Microsoft Office Excel shared strings memory corruption attempt
RuleID : 41979 - Type : FILE-OFFICE - Revision : 3
2017-04-12 Microsoft Office Excel shared strings memory corruption attempt
RuleID : 41977 - Type : FILE-OFFICE - Revision : 3
2017-04-12 Microsoft Office Excel shared strings memory corruption attempt
RuleID : 41976 - Type : FILE-OFFICE - Revision : 3
2017-03-30 Microsoft Office Excel SXLI record integer overrun attempt
RuleID : 41731 - Type : FILE-OFFICE - Revision : 2
2017-03-30 Microsoft Office Excel SXLI record integer overrun attempt
RuleID : 41730 - Type : FILE-OFFICE - Revision : 2
2017-03-30 Microsoft Office Excel SXLI record integer overrun attempt
RuleID : 41729 - Type : FILE-OFFICE - Revision : 2
2017-03-30 Microsoft Office Excel SXLI record integer overrun attempt
RuleID : 41728 - Type : FILE-OFFICE - Revision : 2
2017-01-10 Microsoft Office Excel ddeService command execution attempt
RuleID : 40960 - Type : FILE-OFFICE - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-03-15 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: smb_nt_ms17-014.nasl - Type: ACT_GATHER_INFO
2016-12-14 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: smb_nt_ms16-148.nasl - Type: ACT_GATHER_INFO
2016-12-14 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macosx_ms16-148_office.nasl - Type: ACT_GATHER_INFO
2016-11-16 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macosx_ms16-133_office.nasl - Type: ACT_GATHER_INFO
2016-11-08 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: smb_nt_ms16-133.nasl - Type: ACT_GATHER_INFO
2016-09-15 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms16-107_office.nasl - Type: ACT_GATHER_INFO
2016-09-14 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: smb_nt_ms16-107.nasl - Type: ACT_GATHER_INFO
2016-07-12 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms16-088_office.nasl - Type: ACT_GATHER_INFO
2016-07-12 Name: An application installed on the remote Windows host is affected by multiple v...
File: smb_nt_ms16-088.nasl - Type: ACT_GATHER_INFO
2016-04-12 Name: An application installed on the remote Windows host is affected by multiple r...
File: smb_nt_ms16-042.nasl - Type: ACT_GATHER_INFO
2016-04-12 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms16-042_office.nasl - Type: ACT_GATHER_INFO
2016-02-22 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms16-015_office.nasl - Type: ACT_GATHER_INFO
2016-02-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms16-015.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms16-004.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms16-004_office.nasl - Type: ACT_GATHER_INFO
2015-12-11 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms15-131_office.nasl - Type: ACT_GATHER_INFO
2015-12-08 Name: The remote Windows host is affected by multiple remote code execution vulnera...
File: smb_nt_ms15-131.nasl - Type: ACT_GATHER_INFO
2015-11-10 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms15-116_office.nasl - Type: ACT_GATHER_INFO
2015-11-10 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-116.nasl - Type: ACT_GATHER_INFO
2015-10-14 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms15-110_office.nasl - Type: ACT_GATHER_INFO
2015-10-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-110.nasl - Type: ACT_GATHER_INFO
2015-09-09 Name: The remote Windows host is affected by multiple remote code execution vulnera...
File: smb_nt_ms15-099.nasl - Type: ACT_GATHER_INFO
2015-09-09 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms15-099_office_2011.nasl - Type: ACT_GATHER_INFO
2015-03-11 Name: The remote host is affected by multiple remote code execution vulnerabilities.
File: smb_nt_ms15-022.nasl - Type: ACT_GATHER_INFO
2015-02-10 Name: The remote host is affected by multiple remote code execution vulnerabilities.
File: smb_nt_ms15-012.nasl - Type: ACT_GATHER_INFO