This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2015-07-14
Product Excel Viewer Last view 2018-12-11
Version 2007 Type Application
Update sp3  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:excel_viewer

Activity : Overall

Related : CVE

  Date Alert Description
5.5 2018-12-11 CVE-2018-8627

An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598.

7.8 2018-11-13 CVE-2018-8577

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8574.

7.8 2018-10-10 CVE-2018-8432

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008.

5.5 2018-10-10 CVE-2018-8427

An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer.

5.5 2018-09-12 CVE-2018-8429

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.

5.5 2018-08-15 CVE-2018-8382

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.

5.5 2018-08-15 CVE-2018-8378

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office.

7.8 2018-08-15 CVE-2018-8375

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379.

7.8 2018-04-11 CVE-2018-1029

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1027.

7.8 2017-11-14 CVE-2017-11878

Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability".

5.5 2017-11-14 CVE-2017-11877

Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka "Microsoft Excel Security Feature Bypass Vulnerability".

7.8 2017-09-12 CVE-2017-8631

A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744.

7.8 2017-07-11 CVE-2017-8501

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502.

6.9 2015-07-14 CVE-2015-2378

Untrusted search path vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 SP3, and Office Compatibility Pack SP3 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Microsoft Excel DLL Remote Code Execution Vulnerability."

9.3 2015-07-14 CVE-2015-2376

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

4.3 2015-07-14 CVE-2015-2375

Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka "Microsoft Excel ASLR Bypass Vulnerability."

CWE : Common Weakness Enumeration

%idName
44% (4) CWE-200 Information Exposure
44% (4) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11% (1) CWE-125 Out-of-bounds Read

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0163 Multiple Vulnerabilities in Microsoft Office (MS15-070)
Severity: Category II - VMSKEY: V0061121

Snort® IPS/IDS

Date Description
2018-05-10 Microsoft Office Excel use after free remote code execution attempt
RuleID : 46181 - Type : FILE-OFFICE - Revision : 2
2018-05-10 Microsoft Office Excel use after free remote code execution attempt
RuleID : 46180 - Type : FILE-OFFICE - Revision : 2
2017-12-13 Microsoft Office Excel use after free vulnerability exploit attempt
RuleID : 44822 - Type : FILE-OFFICE - Revision : 3
2017-12-13 Microsoft Office Excel use after free vulnerability exploit attempt
RuleID : 44821 - Type : FILE-OFFICE - Revision : 3
2015-08-14 Microsoft Office Excel Viewer request for msostyle.dll over SMB attempt
RuleID : 35144 - Type : FILE-OFFICE - Revision : 4
2015-08-14 Microsoft Office Excel Viewer msostyle.dll dll-load exploit attempt
RuleID : 35143 - Type : FILE-OFFICE - Revision : 4
2015-08-14 Microsoft Office Excel out of bounds memory access attempt
RuleID : 35138 - Type : FILE-OFFICE - Revision : 2
2015-08-14 Microsoft Office Excel out of bounds memory access attempt
RuleID : 35137 - Type : FILE-OFFICE - Revision : 3
2015-08-14 Microsoft Office Excel invalid table information disclosure attempt
RuleID : 35130 - Type : FILE-OFFICE - Revision : 3
2015-08-14 Microsoft Office Excel invalid table information disclosure attempt
RuleID : 35129 - Type : FILE-OFFICE - Revision : 3

Nessus® Vulnerability Scanner

id Description
2018-12-13 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macos_ms18_dec_office.nasl - Type: ACT_GATHER_INFO
2018-11-14 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macos_ms18_nov_office.nasl - Type: ACT_GATHER_INFO
2018-10-22 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macos_ms18_oct_office.nasl - Type: ACT_GATHER_INFO
2018-09-11 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macos_ms18_sep_office.nasl - Type: ACT_GATHER_INFO
2018-08-14 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macos_ms18_aug_office.nasl - Type: ACT_GATHER_INFO
2018-04-12 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macos_ms18_apr_office.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The Microsoft Office Viewer Products are affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_office_viewers.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The Microsoft Office Products are affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_office_compatibility.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The Microsoft Excel Products are affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_excel.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macosx_ms17_nov_office.nasl - Type: ACT_GATHER_INFO
2017-09-13 Name: An application installed on the remote Windows host is affected by multiple r...
File: smb_nt_ms17_sep_office_web.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The Microsoft Office Products are affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_office_viewers.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The Microsoft Sharepoint Server installation on the remote host is affected b...
File: smb_nt_ms17_sep_office_sharepoint.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: Microsoft Office Compatibility Pack SP3 is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_office_compatibility.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The Microsoft Excel Products are affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_excel.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macosx_ms17_sep_office.nasl - Type: ACT_GATHER_INFO
2017-07-11 Name: An application installed on the remote Windows host is affected by multiple r...
File: smb_nt_ms17_jul_office_web.nasl - Type: ACT_GATHER_INFO
2017-07-11 Name: An application installed on the remote Windows host is affected by multiple v...
File: smb_nt_ms17_jul_office_sharepoint.nasl - Type: ACT_GATHER_INFO
2017-07-11 Name: An application installed on the remote Windows host is affected by multiple r...
File: smb_nt_ms17_jul_office.nasl - Type: ACT_GATHER_INFO
2017-07-11 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macosx_ms17_july_office.nasl - Type: ACT_GATHER_INFO
2015-07-14 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms15-070_office_2011.nasl - Type: ACT_GATHER_INFO
2015-07-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-070.nasl - Type: ACT_GATHER_INFO