204 matches found
Microsoft Word 2016 Information Disclosure Vulnerability (KB4018339)
This host is missing an important security update according to Microsoft KB4018339 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Microsoft Word 2010 Service Pack 2 Information Disclosure Vulnerability (KB4018359)
This host is missing an important security update according to Microsoft KB4018359 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Microsoft Office Compatibility Pack Service Pack 3 Information Disclosure Vulnerability (KB4018354)
This host is missing an important security update according to Microsoft KB4018354 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Microsoft Word 2013 Service Pack 1 Information Disclosure Vulnerability (KB4018347)
This host is missing an important security update according to Microsoft KB4018347 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Microsoft Office Information Disclosure Vulnerability
An information disclosure vulnerability exists when Office renders Rich Text Format RTF email messages containing OLE objects when a message is opened or previewed. This vulnerability could potentially result in the disclosure of sensitive information to a malicious site. To exploit the...
Security Updates for Microsoft Office Products (April 2018)
The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the...
[SECURITY] Fedora 27 Update: sharutils-4.15.2-8.fc27
The sharutils package contains the GNU shar utilities, a set of tools for encoding and decoding packages of files in binary or text format in a special plain text format called shell archives shar. This format can be sent through e-mail which can be problematic for regular binary files. T he shar...
CVE-2018-6217
The WStr::allociostrdata function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 allows remote attackers to cause a denial of service application crash via a crafted a web page, b office document, or c .rtf file...
Kingsoft WPS Office Denial of Service Vulnerability
Kingsoft WPS Office is an office software suite from the Chinese company Kingsoft, commonly used components include Writer word processing, Spreadsheets spreadsheets and Presentation presentations. A security vulnerability exists in the 'WStr::allociostrdata' function of the kso.dll file in...
CVE-2018-0797
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability"...
FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY
FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. This vulnerability allows a malicious actor to inject arbitrary code during the parsing of SOAP WSDL definition contents. FireEye analyzed a Microsoft...
openSUSE Security Update : libreoffice (openSUSE-2016-1192)
LibreOffice was updated to version 5.1.5.2, bringing enhancements and bug fixes. - CVE-2016-4324: Parsing the Rich Text Format character style index was insufficiently checked for validity. Documents could be constructed which dereference an iterator to the first entry of an empty STL container...
CVE-2016-7193
Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps...
PT-2016-3358 · Microsoft · Sharepoint Server +8
Name of the Vulnerable Software and Affected Versions: Microsoft Office versions 2007 SP2 through 2016 Microsoft Word versions 2007 SP2 through 2016 Microsoft Word for Mac versions 2011 through 2016 Office Compatibility Pack version SP3 Word Viewer affected versions not specified Word Automation...
SUSE SLED12 Security Update : libreoffice (SUSE-SU-2016:2472-1)
LibreOffice was updated to version 5.1.5.2, bringing enhancements and bug fixes. - CVE-2016-4324: Parsing the Rich Text Format character style index was insufficiently checked for validity. Documents could be constructed which dereference an iterator to the first entry of an empty STL container...
Microsoft Office Memory Corruption (MS16-099: CVE-2016-3317)
A remote code execution vulnerability has been reported in Microsoft Office. The vulnerability is caused when Microsoft Office does not properly handle rich text format files in memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted file with an affected...
LibreOffice < 5.1.4 RTF Character Style Index RCE
The version of LibreOffice installed on the remote Windows host is prior to 5.1.4. It is, therefore, affected by a use-after-free error during Rich Text Format RTF file parsing due to improper validation of the RTF character style index. An unauthenticated, remote attacker can exploit this, by...
The vulnerability of the Microsoft Office software allows a malicious actor to execute arbitrary code with privileges of the current user.
The Microsoft Office suite contains a vulnerability related to errors that occur due to improper processing of specially crafted RTF files. Exploiting this vulnerability could allow an unauthorized attacker to execute arbitrary code with privileges of the current user...
The vulnerability of the Microsoft Office Web Apps package allows a malicious actor to execute arbitrary code with privileges of the current user.
The Microsoft Office Web Apps software package contains a vulnerability related to errors that occur due to improper processing of specially crafted RTF files. Exploiting this vulnerability could allow an unauthorized intruder to execute arbitrary code with privileges of the current user...
The vulnerability of Microsoft Word text editors allows a malicious actor to execute arbitrary code with the privileges of the current user.
Microsoft Word’s text editor contains a vulnerability related to errors that occur due to improper processing of specially crafted RTF files. Exploiting this vulnerability could allow an unauthorized intruder to execute arbitrary code with privileges of the current user...