vulnerabilities present in Microsoft Office

Microsoft has identified vulnerabilities in various Office products such as Sharepoint, Word, Project, and Excel. A malicious individual can exploit these vulnerabilities to carry out attacks that can cause various types of damage, as described in the tables below. For successful exploitation, th...

Microsoft Office 资源管理错误漏洞

Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a resource management vulnerability in Microsoft Office. Attackers can exploit this...

Microsoft Win32k 输入验证错误漏洞

Microsoft Win32k is a system file used by Microsoft for multi-user management in Windows. There is an input validation vulnerability in Microsoft Win32k. Attackers can exploit this vulnerability to execute code remotely. The following products and versions are affected: Microsoft Excel for Androi...

Microsoft Office 安全漏洞

Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There are security vulnerabilities in Microsoft Office. Attackers can exploit these...

Microsoft Graphics Component 缓冲区错误漏洞

The Microsoft Graphics Component is a graphics driver component developed by Microsoft Corporation. There is a buffer overflow vulnerability present in the Microsoft Graphics Component. Attackers can exploit this vulnerability to obtain sensitive information. The following products and versions a...

Microsoft Win32k 资源管理错误漏洞

Microsoft Win32k is a system file used by Microsoft for multi-user management in Windows. There is a resource management vulnerability in Microsoft Win32k. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected: Windows Server 2019,...

Microsoft Office 资源管理错误漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...

Microsoft Windows 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft USA. A security vulnerability exists in Microsoft Windows. An attacker could exploit this vulnerability to obtain sensitive information. The following products and versions are affected:Windows 11 Version...

CVE-2024-35205

The WPS Office aka cn.wps.mofficeeng application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a crafted library file, aimi...

CVE-2024-45045 JavaScript Injection via url encoded values in links in Collabora Office Android

Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile Android/iOS device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access ...

The vulnerability of the Microsoft Office application suite for Android, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.

The vulnerability of the Microsoft Office application suite for Android is related to information representation errors in the user interface. Exploiting this vulnerability can allow attackers to carry out spear-phishing attacks...

WPS Office Man-in-the-Middle Attack Vulnerability in Android Version

WPS Office is an office software suite developed independently by Kingsoft Corporation. There is a man-in-the-middle attack vulnerability in WPS Office for Android, where the software does not verify the validity of the TLS certificate when submitting a login request, which can lead to a...