Lucene search
K

13 matches found

Securelist
Securelist
added 2017/09/25 12:23 p.m.188 views

A simple example of a complex cyberattack

We're already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious...

9.3CVSS9.3AI score0.97327EPSS
Exploits1
seebug.org
seebug.org
added 2015/12/31 12:0 a.m.414 views

Microsoft Office 内存损坏漏洞(CVE-2015-1641)

来源: http://drops.wooyun.org/papers/9809 Microsoft Office 内存损坏漏洞 0x01 漏洞概述 今年4月份微软修补了一个名为CVE-2015-1641的word类型混淆漏洞,攻击者可以构造嵌入了docx的rtf文档进行攻击。word在解析docx文档处理displacedByCustomXML属性时未对customXML对象进行验证,可以传入其他标签对象进行处理,造成类型混淆,导致任意内存写入,最终经过精心构造的标签以及对应的属性值可以造成远程任意代码执行。 根据微软官方MS15-33安全公告里显示,这个漏洞覆盖Office 2007...

9.3CVSS7.5AI score0.99966EPSS
Exploits12
myhack58
myhack58
added 2015/10/20 12:0 a.m.13 views

CVE-2 0 1 5-1 6 4 1 vulnerability analysis-vulnerability warning-the black bar safety net

0x01 vulnerability overview This year 4 month, Microsoft patched a named CVE-2 0 1 5-1 6 4 1 word type confusion vulnerability, an attacker can construct the embedded docx rtf documents to attack. word in parsing the docx document processing displacedByCustomXML attribute not customXML object for...

0.5AI score
Exploits0
myhack58
myhack58
added 2015/10/17 12:0 a.m.54 views

word type confusion Vulnerability CVE-2 0 1 5-1 6 4 1 Analysis-vulnerability warning-the black bar safety net

Vulnerability overview This year 4 month, Microsoft patched a named CVE-2 0 1 5-1 6 4 1 word type confusion vulnerability, an attacker can construct the embedded docx rtf documents to attack. word in parsing the docx document processing displacedByCustomXML attribute not customXML object for...

0.3AI score
Exploits0
Circl
Circl
added 2015/09/07 12:16 p.m.14 views

CVE-2015-1641

creationtimestamp| type| source ---|---|--- 2015-09-07 12:16:06+00:00| seen| MISP/55d34355-a218-49d2-9f4e-40bd950d210b 2015-09-08 14:44:42+00:00| seen| MISP/55eef158-bf34-4bd4-8933-4938950d210b 2016-02-08 10:35:40+00:00| seen| MISP/56b86d69-3b0c-465d-8eb3-0e57bce2ab96 2016-04-12 20:22:17+00:00|...

9.3CVSS7.3AI score0.97327EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2015/04/15 12:0 a.m.41 views

Microsoft Office Web Apps Multiple Vulnerabilities (3048019)

This host is missing a critical security update according to Microsoft Bulletin MS15-033. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.3CVSS8.3AI score0.97327EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2015/04/15 12:0 a.m.72 views

Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities (3048019)

This host is missing a critical security update according to Microsoft Bulletin MS15-033. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.3CVSS8.3AI score0.97327EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2015/04/15 12:0 a.m.75 views

Microsoft Office Word Remote Code Execution Vulnerabilities (3048019) - Mac OS X

This host is missing a critical security update according to Microsoft Bulletin MS15-033. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.3CVSS8.4AI score0.97327EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2015/04/14 8:0 p.m.11 views

CVE-2015-1641

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute...

7.9AI score0.97327EPSS
Exploits1References3
CVE
CVE
added 2015/04/14 8:0 p.m.1220 views

CVE-2015-1641

CVE-2015-1641 is a Microsoft Office memory-corruption vulnerability triggered by crafted RTF documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoin...

9.3CVSS9.4AI score0.97327EPSS
In wildExploits1References4Affected Software6
Tenable Nessus
Tenable Nessus
added 2015/04/14 12:0 a.m.191 views

MS15-033: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019)

The remote Windows host has a version of Microsoft Office, Office Compatibility Pack, Microsoft Word, Microsoft Word Viewer, SharePoint Server, or Microsoft Office Web Apps installed that is affected by multiple remote code execution vulnerabilities : - A remote code execution vulnerability exist...

9.3CVSS9.2AI score0.97327EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEV
added 2015/04/14 12:0 a.m.4 views

VulnCheck KEV: CVE-2015-1641

Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user...

9.3CVSS7.8AI score0.97327EPSS
Exploits1References1
Check Point Advisories
Check Point Advisories
added 2015/04/14 12:0 a.m.9 views

Microsoft Office Memory Corruption (MS15-033: CVE-2015-1641)

A remote code execution vulnerability has been reported in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a...

9.3CVSS9.1AI score0.97327EPSS
Exploits1
Rows per page
Query Builder