Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)

Title: Microsoft 365 MSO Version 2305 Build 16.0.16501.20074 64-bit - Remote Code Execution RCE Author: nu11secur1ty Date: 04.17.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/ Reference:...

Microsoft Excel / 365 MSO Remote Code Execution

Title: Microsoft Excel Microsoft® Microsoft 365 MSO Version 2305 Build 16.0.16501.20074 32-bit Remote Code Execution Vulnerability Author: nu11secur1ty Date: 06.27.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference:...

PT-2023-1154 · Ge · Proficy Historian

Name of the Vulnerable Software and Affected Versions: GE Proficy Historian affected versions not specified Description: The issue is related to the implementation of the MSO protocol in the GE Proficy Historian platform, which allows for unlimited upload of dangerous file types. This could enabl...

CVE-2022-20921 Cisco ACI Multi-Site Orchestrator Privilege Escalation Vulnerability

A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator MSO could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sendi...

Cisco ACI Multi-Site Orchestrator Privilege Escalation Vulnerability

A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator MSO could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sendi...

Security Bulletin: Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization - Apache Log4j - CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15)

Summary For the 8.0.0 version of MSO, which is distributed as part of the MAS catalog here are the instructions to move to the 8.0.3 version to get log4j 2.17.1 Apache Log4j - CVE-2021-45105 affecting v2.16 and CVE-2021-45046 affecting v2.15 Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION:...

Cisco Releases Security Patches for Critical Flaws Affecting its Products

Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure ACI Multi-Site Orchestrator MSO that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. "An attacker could exploit this vulnerability by sending a crafted...

Cisco Warns of Critical Auth-Bypass Security Flaw

A critical vulnerability in Cisco Systems’ intersite policy manager software could allow a remote attacker to bypass authentication. The vulnerability is one of three critical flaws fixed by Cisco on this week. It exists in Cisco’s ACI Multi-Site Orchestrator ACI MSO — this is Cisco’s management...

Akamai Takes Home Three Streaming Media Readers' Choice Awards

Streaming Media has announced its 2018 Readers' Choice Award winners at Streaming Media West in Huntington Beach, Calif. Recognizing technological excellence in the online video industry, Streaming Media readers cast more than 25,000 votes across 30 categories. Akamai was honored to win in three...

TYPO3 'mso/idna-convert' Library Cross-Site Scripting Vulnerability

TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3 'mso/idna-convert'. Because the program fails to filter user-supplied input, an attacker could exploit the vulnerability to execute arbitrary...

TYPO3 'mso/idna-convert' Library Cross Site Scripting Vulnerability (Jul 2016)

TYPO3 is prone to a cross site scripting vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; ifdescripti...

Cross-Site Scripting in third party library mso/idna-convert

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-020...

TWSL2011-002:Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR)

Trustwave's SpiderLabs Security Advisory TWSL2011-002: Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways SMCD3G-CCR https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt Published: 2011-02-04 Version: 1.0 Vendor: Comcast http://comcast.com and SMC http://www.smc.com Product:...

CVE-2010-3200 : Microsoft Word 2003 MSO Null Pointer Dereference Vulnerability

Advisory Microsoft Word 2003 MSO Null Pointer Dereference Vulnerability CVE: 2010-3200 Version Word 2003 SP3 11.8326.11.8324 tested on windows XP SP2/SP3 Details : A null pointer dereference vulnerability has been noticed in MS Word.The exception results in the MSO.dll library which fails to hand...

Design/Logic Flaw

Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML OOXML documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the 1 LastModifiedBy and 2 creator fields in docProps/core.xml in the OOXML...

CVE-2007-6329

CVE-2007-6329 affects Microsoft Office 2007 (builds 12.0.6015.5000) and MSO 12.0.6017.5000, where Office Open XML (OOXML) metadata is not signed. This allows an attacker to alter Dublin Core fields in the OOXML ZIP container, demonstrated in docProps/core.xml (LastModifiedBy and creator fields). ...

VulnCheck KEV: CVE-2006-3590

mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493...