This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2015-05-13
Product Powerpoint Last view 2018-10-10
Version 2013 Type Application
Update sp1  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:powerpoint

Activity : Overall

Related : CVE

  Date Alert Description
8.8 2018-10-10 CVE-2018-8501

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Office 365 ProPlus, PowerPoint Viewer, Microsoft Office, Microsoft PowerPoint.

7.8 2017-09-12 CVE-2017-8742

A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8743.

7.8 2016-09-14 CVE-2016-3360

Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

5.5 2016-07-12 CVE-2016-3279

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka "Microsoft Office Remote Code Execution Vulnerability."

4.3 2016-01-13 CVE-2016-0012

Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office 2016, Excel 2016, PowerPoint 2016, Visio 2016, Word 2016, and Visual Basic 6.0 Runtime allow remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Microsoft Office ASLR Bypass."

9.3 2015-11-11 CVE-2015-2503

Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability."

4.3 2015-08-14 CVE-2015-2423

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Unsafe Command Line Parameter Passing Vulnerability."

9.3 2015-07-14 CVE-2015-2424

Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3 2015-05-13 CVE-2015-1682

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, PowerPoint Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, SharePoint Foundation 2010 SP2, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

CWE : Common Weakness Enumeration

%idName
50% (4) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
25% (2) CWE-200 Information Exposure
12% (1) CWE-264 Permissions, Privileges, and Access Controls
12% (1) CWE-254 Security Features

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0188 Cumulative Security Update for Microsoft Internet Explorer (MS15-079)
Severity: Category I - VMSKEY: V0061297
2015-A-0194 Multiple Vulnerabilities in Microsoft Office (MS15-081)
Severity: Category II - VMSKEY: V0061307
2015-A-0197 Microsoft Command Line Parameter Information Disclosure Vulnerability (MS15-088)
Severity: Category II - VMSKEY: V0061313
2015-A-0163 Multiple Vulnerabilities in Microsoft Office (MS15-070)
Severity: Category II - VMSKEY: V0061121
2015-A-0103 Multiple Vulnerabilities in Microsoft Office Products (MS15-046)
Severity: Category II - VMSKEY: V0060643

Snort® IPS/IDS

Date Description
2016-10-13 Microsoft Office PowerPoint ppcore invalid pointer reference attempt
RuleID : 40148 - Type : FILE-OFFICE - Revision : 3
2016-10-13 Microsoft Office PowerPoint ppcore invalid pointer reference attempt
RuleID : 40147 - Type : FILE-OFFICE - Revision : 3
2016-03-14 Microsoft Office MScomctl.ocx memory leak attempt
RuleID : 37282 - Type : FILE-OTHER - Revision : 2
2016-03-14 Microsoft Office MScomctl.ocx memory leak attempt
RuleID : 37281 - Type : FILE-OTHER - Revision : 2
2016-03-14 Microsoft Office Word CoCreateInstance elevation of privilege attempt
RuleID : 36721 - Type : FILE-OFFICE - Revision : 3
2016-03-14 Microsoft Office Word CoCreateInstance elevation of privilege attempt
RuleID : 36720 - Type : FILE-OFFICE - Revision : 3
2015-09-10 Microsoft Windows Notepad remote printer file access attempt
RuleID : 35488 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows Notepad remote printer file access attempt
RuleID : 35487 - Type : OS-WINDOWS - Revision : 4
2015-08-20 Microsoft Office Word RTF Control.TaskSymbol.1 heap corruption attempt - Win....
RuleID : 35326 - Type : FILE-OFFICE - Revision : 3
2015-08-20 Microsoft Office Word RTF Control.TaskSymbol.1 heap corruption attempt - Win....
RuleID : 35325 - Type : FILE-OFFICE - Revision : 3
2015-06-17 Microsoft Office Word incorrect ptCount element denial of service attempt
RuleID : 34429 - Type : FILE-OFFICE - Revision : 3
2015-06-17 Microsoft Office Word incorrect ptCount element denial of service attempt
RuleID : 34428 - Type : FILE-OFFICE - Revision : 3
2014-01-10 Microsoft Office Excel with embedded Flash file attachment
RuleID : 18548 - Type : FILE-OFFICE - Revision : 16
2014-01-10 Microsoft Office Excel with embedded Flash file transfer
RuleID : 18545 - Type : FILE-OFFICE - Revision : 16

Nessus® Vulnerability Scanner

id Description
2017-09-13 Name: An application installed on the remote Windows host is affected by multiple r...
File: smb_nt_ms17_sep_office_web.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The Microsoft Powerpoint Products are affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_powerpoint.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The Microsoft Office Products are affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_office_viewers.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The Microsoft Sharepoint Server installation on the remote host is affected b...
File: smb_nt_ms17_sep_office_sharepoint.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: Microsoft Office Compatibility Pack SP3 is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_office_compatibility.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The Microsoft Office Products are affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_office.nasl - Type: ACT_GATHER_INFO
2016-09-15 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms16-107_office.nasl - Type: ACT_GATHER_INFO
2016-09-14 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: smb_nt_ms16-107.nasl - Type: ACT_GATHER_INFO
2016-07-12 Name: An application installed on the remote Windows host is affected by multiple v...
File: smb_nt_ms16-088.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms16-004.nasl - Type: ACT_GATHER_INFO
2015-11-10 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-116.nasl - Type: ACT_GATHER_INFO
2015-08-12 Name: The remote Windows host is affected by multiple remote code execution vulnera...
File: smb_nt_ms15-081.nasl - Type: ACT_GATHER_INFO
2015-08-11 Name: The remote Windows host is affected by an information disclosure vulnerability.
File: smb_nt_ms15-088.nasl - Type: ACT_GATHER_INFO
2015-08-11 Name: The remote host has a web browser installed that is affected by multiple vuln...
File: smb_nt_ms15-079.nasl - Type: ACT_GATHER_INFO
2015-07-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-070.nasl - Type: ACT_GATHER_INFO
2015-05-13 Name: An application installed on the remote Mac OS X host is affected by a remote ...
File: macosx_ms15-046_office_2011.nasl - Type: ACT_GATHER_INFO
2015-05-13 Name: The remote host is affected by multiple remote code execution vulnerabilities.
File: smb_nt_ms15-046.nasl - Type: ACT_GATHER_INFO