MS16-054: Security Update for Microsoft Office (3155544) (Mac OS X)

The version of Microsoft Office installed on the remote Mac OS X host is affected by a remote code execution vulnerability due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted file in Microsoft Office,...

MS16-042: Description of the security update for Office 2016 for Mac: April 12, 2016

MS16-042: Description of the security update for Office 2016 for Mac: April 12, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...

Microsoft PowerPoint - Base64 encoded String, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Microsoft PowerPoint published at the 'play' market has multiple vulnerabilities...

Microsoft PowerPoint Viewer 12.0.6600.1000 DLL Hijacking

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-PPT-VIEWER-CODE-EXEC.txt Vendor: =================== www.microsoft.com Product: ============================ Microsoft PowerPoint Viewer version: 12.0.6600.1000 Vulnerability...

Microsoft Producer for Microsoft Office PowerPoint vulnerable to cross-site scripting

Overview Microsoft Producer for Microsoft Office PowerPoint may create a web page which contains a DOM-based cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Microsoft Producer for Microsoft Office PowerPoint...

JVN#77012922: Microsoft Producer for Microsoft Office PowerPoint vulnerable to cross-site scripting

Microsoft Producer for Microsoft Office PowerPoint may create a web page which contains a DOM-based cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Microsoft Producer for Microsoft Office PowerPoint Microsoft...

Microsoft Office Memory Corruption (MS16-015: CVE-2016-0055)

A remote code execution vulnerability has been identified in Microsoft PowerPoint. The vulnerability is due to improper dereferencing of pointers when handling certain objects. A remote attacker could trigger this flaw by convincing a victim to open a malicious PowerPoint file that will lead to a...

BlackEnergy APT Group Spreading Malware via Tainted Word Docs

Attackers have begun using rigged Microsoft Word documents propagated via spearphishing emails to spread the BlackEnergy Trojan. Researchers with Kaspersky Lab’s Global Research and Analysis Team discovered a malicious Word document last week that appears to stem from a campaign against one of th...

VulnCheck KEV: CVE-2010-2572

Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution...

Vulnerability of Microsoft Visio graphic editors, Microsoft Excel spreadsheet editors, Microsoft PowerPoint presentation preparation software, Microsoft Word word processors, Microsoft Visual Basic software development environment, Microsoft Office software suite – tools that allow attackers to bypass ASLR protection mechanisms.

The vulnerabilities of Microsoft Visio, a graphic editor; Microsoft Excel, an electronic spreadsheet editor; Microsoft PowerPoint, a presentation software; Microsoft Word, a text editor; the Microsoft Visual Basic development environment; and the Microsoft Office suite are related to the lack of...

CVE-2016-0010

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, Excel 2016 for Mac, PowerPoint 2016 for Mac, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a...

Microsoft Office PowerPoint Remote Code Execution Vulnerability (3124585)

This host is missing an important security update according to Microsoft Bulletin MS16-004. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Security Update for Microsoft PowerPoint 2016 (KB3114518) 64-Bit Edition

A security vulnerability exists in Microsoft PowerPoint 2016 64-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...

Security Update for Microsoft PowerPoint 2016 (KB3114518) 32-Bit Edition

A security vulnerability exists in Microsoft PowerPoint 2016 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...

Microsoft Office CVE-2016-0012 ASLR Security Bypass Vulnerability

Description Microsoft Office is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and execute arbitrary code by exploiting another vulnerability in the application. Technologies Affected Microsoft Excel 2007 SP3 Microsoft Excel...

Microsoft Office CVE-2016-0010 Memory Corruption Vulnerability

Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in deni...

MS16-004: Security Update for Microsoft Office to Address Remote Code Execution (3124585) (Mac OS X)

The version of Microsoft Office installed on the remote Mac OS X host is affected by multiple remote code execution vulnerabilities due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file in Microsoft...

Vulnerabilities of Microsoft Word, the publishing software; Microsoft Publisher; Microsoft Excel, the spreadsheet software; Microsoft PowerPoint, the presentation software; Skype for Business and Microsoft Lync, instant messaging software; Microsoft Project, project management software; Microsoft InfoPath, XML-based form development software; Microsoft OneNote, note-taking software; Microsoft Access, database management system that allows attackers to bypass security measures and gain elevated privileges.

The vulnerabilities of Microsoft Word, the publishing software Microsoft Publisher, the spreadsheet software Microsoft Excel, the presentation preparation software Microsoft PowerPoint, the instant messaging software Skype for Business and Microsoft Lync, the project management software Microsoft...

CVE-2015-2503

CVE-2015-2503 is an Office Elevation of Privilege vulnerability that can be triggered via a crafted web site loaded in Internet Explorer to bypass sandbox protections and gain privileges. The initial CVE entry lists Microsoft Office 2007–2016 products (Word, Excel, PowerPoint, Access, InfoPath, V...

Microsoft Office PowerPoint Privilege Elevation Vulnerability (3104540)

This host is missing an important security update according to Microsoft Bulletin MS15-116. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...