67 matches found
Security Updates for Microsoft Word Products (January 2018)
The Microsoft Words Products are missing security updates. It is therefore affected by multiple issues involving handling of Office and RTF Rich Text Format files. If successfully exploited, an attacker could execute code in the context of the current user. C Tenable Network Security, Inc...
Microsoft Office Equation Editor Code Execution Exploit
This Metasploit module exploits a flaw in how the Equation Editor handles OLE objects in memory to execute arbitrary code using RTF files without interaction. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Microsoft Office CVE-2017-11882
Module exploits a flaw in how the Equation Editor that allows an attacker to execute arbitrary code in RTF files without interaction. The vulnerability is caused by the Equation Editor, to which fails to properly handle OLE objects in memory. This module requires Metasploit:...
Microsoft Office Web Apps Remote Code Execution Vulnerability (3194063)
This host is missing an important security update according to Microsoft Bulletin MS16-121 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...
Microsoft SharePoint Server WAS Remote Code Execution Vulnerability (3194063)
This host is missing an important security update according to Microsoft Bulletin MS16-121 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...
Microsoft Office Remote Code Execution Vulnerability (3194063) - Mac OS X
This host is missing an important security update according to Microsoft Bulletin MS16-121 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...
Microsoft Office Compatibility Pack Remote Code Execution Vulnerability (3194063)
This host is missing an important security update according to Microsoft Bulletin MS16-121 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Office Word Viewer Remote Code Execution Vulnerability (3194063)
This host is missing an important security update according to Microsoft Bulletin MS16-121 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
MS16-121: Security Update for Microsoft Office (3194063)
The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability due to improper handling of RTF files. An unauthenticated, remote attacker can exploit this by convincing a user to open a...
Microsoft Graphics Component Memory Corruption (MS16-099: CVE-2016-3318; CVE-2017-8510)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted RTF files. A remote attacker can exploit this issue by enticing a user to open a specially crafted file and ...
KLA10842 Multiple code execution vulnerabilities in Microsoft Office
An improper memory objects handling and XLA files handling were found in Microsoft Office. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed files. Technical details To mitigate some of these...
CVE-2016-4324
Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens...
Microsoft Office 内存损坏漏洞(CVE-2015-1641)
来源: http://drops.wooyun.org/papers/9809 Microsoft Office 内存损坏漏洞 0x01 漏洞概述 今年4月份微软修补了一个名为CVE-2015-1641的word类型混淆漏洞,攻击者可以构造嵌入了docx的rtf文档进行攻击。word在解析docx文档处理displacedByCustomXML属性时未对customXML对象进行验证,可以传入其他标签对象进行处理,造成类型混淆,导致任意内存写入,最终经过精心构造的标签以及对应的属性值可以造成远程任意代码执行。 根据微软官方MS15-33安全公告里显示,这个漏洞覆盖Office 2007...
[SECURITY] [DSA 3163-1] libreoffice security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3163-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini February 19, 2015 http://www.debian.org/security/faq -...
Debian DSA-3163-1 : libreoffice - security update
It was discovered that LibreOffice, an office productivity suite, could try to write to invalid memory areas when importing malformed RTF files. This could allow remote attackers to cause a denial of service crash or arbitrary code execution via crafted RTF files. %NASLMINLEVEL 70300 C Tenable...
[SECURITY] [DSA 3163-1] libreoffice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3163-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini February 19, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3163-1] libreoffice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3163-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini February 19, 2015 http://www.debian.org/security/faq -...
MGASA-2015-0016 Updated unrtf package fixes security vulnerability
Updated unrtf package fixes security vulnerability: Hanno Böck also reported a number of other crashes in unrtf besides the ones associated with CVE-2014-9275. These could allow a denial of service when opening a malicious malformed RTF file which causes unrtf to crash...
Microsoft Word RTF Object Confusion
Added: 07/24/2014 CVE: CVE-2014-1761 BID: 66385 OSVDB: 104895 Background Microsoft Office Word is Microsoft's word processing software, released as a component of Microsoft Office suite. Problem A buffer overflow exists due to an error in processing RTF files. The flaw is triggered by supplying a...
Microsoft Word RTF Object Confusion
Added: 07/24/2014 CVE: CVE-2014-1761 BID: 66385 OSVDB: 104895 Background Microsoft Office Word is Microsoft's word processing software, released as a component of Microsoft Office suite. Problem A buffer overflow exists due to an error in processing RTF files. The flaw is triggered by supplying a...