This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2010-11-09
Product Office Last view 2020-08-17
Version 2010 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:office

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2020-08-17 CVE-2020-1563

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'.

7.8 2017-10-13 CVE-2017-11826

Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.

9.3 2012-05-08 CVE-2012-0165

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."

9.3 2012-05-08 CVE-2012-0159

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."

9.3 2010-11-09 CVE-2010-3337

Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.

9.3 2010-11-09 CVE-2010-3335

Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."

9.3 2010-11-09 CVE-2010-3334

Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."

9.3 2010-11-09 CVE-2010-3333

Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."

CWE : Common Weakness Enumeration

%idName
71% (5) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (1) CWE-399 Resource Management Errors
14% (1) CWE-20 Improper Input Validation

SAINT Exploits

Description Link
Microsoft Excel Drawing Exception Handling vulnerability More info here
Microsoft Office RTF pFragments Property Stack Buffer Overflow More info here

Open Source Vulnerability Database (OSVDB)

id Description
69089 Microsoft Office Insecure Library Loading Remote Code Execution
69087 Microsoft Office Drawing Exception Handling Remote Code Execution
69086 Microsoft Office Art Drawing Record Parsing Remote Code Execution
69085 Microsoft Office RTF Parsing Stack Overflow

ExploitDB Exploits

id Description
17474 MS Office 2010 RTF Header Stack Overflow Vulnerability Exploit

OpenVAS Exploits

id Description
2012-06-13 Name : Microsoft Lync Remote Code Execution Vulnerabilities (2707956)
File : nvt/secpod_ms12-039.nasl
2012-05-14 Name : Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
File : nvt/secpod_ms12-034_macosx.nasl
2012-05-09 Name : MS Security Update For Microsoft Office, .NET Framework, and Silverlight (268...
File : nvt/secpod_ms12-034.nasl
2011-08-11 Name : Microsoft Windows Insecure Library Loading Vulnerability (2269637)
File : nvt/gb_ms_insecure_lib_loading_vuln.nasl
2010-11-10 Name : Microsoft Office Remote Code Execution Vulnerabilites (2423930)
File : nvt/secpod_ms10-087.nasl

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2018-02-27 Microsoft Office embedded Office Art drawings execution attempt
RuleID : 45557 - Type : FILE-OFFICE - Revision : 1
2018-02-27 Microsoft Office embedded Office Art drawings execution attempt
RuleID : 45556 - Type : FILE-OFFICE - Revision : 1
2017-11-16 Microsoft Office Word docx object type confusion attempt
RuleID : 44586 - Type : FILE-OFFICE - Revision : 3
2017-11-16 Microsoft Office Word docx object type confusion attempt
RuleID : 44585 - Type : FILE-OFFICE - Revision : 3
2017-08-23 Microsoft Office RTF parsing remote code execution attempt
RuleID : 43679 - Type : FILE-OFFICE - Revision : 1
2017-08-23 Microsoft Office RTF parsing remote code execution attempt
RuleID : 43678 - Type : FILE-OFFICE - Revision : 1
2014-01-18 Win.Trojan.Egobot variant outbound connection
RuleID : 28989 - Type : MALWARE-CNC - Revision : 4
2014-01-10 Microsoft Windows True Type Font maxComponentPoints overflow attempt
RuleID : 27576 - Type : FILE-OTHER - Revision : 5
2014-01-10 Microsoft Office RTF malformed pfragments field
RuleID : 25393 - Type : FILE-OFFICE - Revision : 4
2014-01-10 DNS request for known malware domain losang.dynamicdns.co.uk
RuleID : 25069 - Type : BLACKLIST - Revision : 2
2014-01-10 Win.Trojan.Riler inbound connection
RuleID : 25068 - Type : MALWARE-CNC - Revision : 2
2014-01-10 Win.Trojan.Riler variant outbound connection
RuleID : 25067 - Type : MALWARE-CNC - Revision : 3
2014-01-10 Microsoft Office RTF malformed pfragments field
RuleID : 22102 - Type : FILE-OFFICE - Revision : 8
2014-01-10 Microsoft Office RTF malformed pfragments field
RuleID : 22101 - Type : FILE-OFFICE - Revision : 7
2014-01-10 Microsoft Windows True Type Font maxComponentPoints overflow attempt
RuleID : 22087 - Type : FILE-OTHER - Revision : 9
2014-01-10 Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt
RuleID : 22086 - Type : FILE-OFFICE - Revision : 5
2014-01-10 Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt
RuleID : 22085 - Type : FILE-OFFICE - Revision : 5
2014-01-10 Microsoft Office embedded Office Art drawings execution attempt
RuleID : 22037 - Type : FILE-OFFICE - Revision : 3
2014-01-10 Microsoft Office embedded Office Art drawings execution attempt
RuleID : 22036 - Type : FILE-OFFICE - Revision : 3
2014-01-10 Microsoft Office embedded Office Art drawings execution attempt
RuleID : 22035 - Type : FILE-OFFICE - Revision : 3
2014-01-10 Microsoft Office Excel malformed MsoDrawingObject record attempt
RuleID : 19260 - Type : FILE-OFFICE - Revision : 16
2014-01-10 Microsoft Office RTF malformed second pfragments field
RuleID : 18706 - Type : FILE-OFFICE - Revision : 15
2014-01-10 Microsoft Office RTF malformed second pfragments field
RuleID : 18705 - Type : FILE-OFFICE - Revision : 11
2014-01-10 Microsoft Office RTF malformed second pfragments field
RuleID : 18704 - Type : FILE-OFFICE - Revision : 13
2014-01-10 Microsoft Office RTF malformed pfragments field
RuleID : 18703 - Type : FILE-OFFICE - Revision : 12

Nessus® Vulnerability Scanner

id Description
2017-10-11 Name: The Microsoft Office Products are affected by multiple vulnerabilities.
File: smb_nt_ms17_oct_office.nasl - Type: ACT_GATHER_INFO
2017-10-11 Name: The Microsoft Sharepoint Server installation on the remote host is affected b...
File: smb_nt_ms17_oct_office_sharepoint.nasl - Type: ACT_GATHER_INFO
2017-10-11 Name: An application installed on the remote Windows host is affected by multiple r...
File: smb_nt_ms17_oct_office_web.nasl - Type: ACT_GATHER_INFO
2017-10-10 Name: Microsoft Office Compatibility Pack SP3 is affected by a remote code executio...
File: smb_nt_ms17_oct_office_compatibility.nasl - Type: ACT_GATHER_INFO
2017-10-10 Name: The Microsoft Office Products are missing a security update.
File: smb_nt_ms17_oct_word_viewer.nasl - Type: ACT_GATHER_INFO
2012-06-13 Name: Arbitrary code can be executed on the remote host through Microsoft Lync.
File: smb_nt_ms12-039.nasl - Type: ACT_GATHER_INFO
2012-05-09 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms12-034.nasl - Type: ACT_GATHER_INFO
2012-05-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms12-034.nasl - Type: ACT_GATHER_INFO
2010-11-09 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms_office_nov2010.nasl - Type: ACT_GATHER_INFO
2010-11-09 Name: Arbitrary code can be executed on the remote host through Microsoft Office.
File: smb_nt_ms10-087.nasl - Type: ACT_GATHER_INFO