Lucene search
+L

67 matches found

Tenable Nessus
Tenable Nessus
added 2018/01/09 12:0 a.m.121 views

Security Updates for Microsoft Word Products (January 2018)

The Microsoft Words Products are missing security updates. It is therefore affected by multiple issues involving handling of Office and RTF Rich Text Format files. If successfully exploited, an attacker could execute code in the context of the current user. C Tenable Network Security, Inc...

9.3CVSS8.3AI score0.95121EPSS
Exploits0References13
0day.today
0day.today
added 2017/12/06 12:0 a.m.364 views

Microsoft Office Equation Editor Code Execution Exploit

This Metasploit module exploits a flaw in how the Equation Editor handles OLE objects in memory to execute arbitrary code using RTF files without interaction. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

9.3CVSS8.6AI score0.99945EPSS
Exploits33
Metasploit
Metasploit
added 2017/11/21 7:47 p.m.261 views

Microsoft Office CVE-2017-11882

Module exploits a flaw in how the Equation Editor that allows an attacker to execute arbitrary code in RTF files without interaction. The vulnerability is caused by the Equation Editor, to which fails to properly handle OLE objects in memory. This module requires Metasploit:...

7.8CVSS8.8AI score0.99945EPSS
Exploits33
OpenVAS
OpenVAS
added 2016/10/12 12:0 a.m.23 views

Microsoft Office Web Apps Remote Code Execution Vulnerability (3194063)

This host is missing an important security update according to Microsoft Bulletin MS16-121 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...

9.3CVSS7.8AI score0.57705EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2016/10/12 12:0 a.m.38 views

Microsoft SharePoint Server WAS Remote Code Execution Vulnerability (3194063)

This host is missing an important security update according to Microsoft Bulletin MS16-121 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...

9.3CVSS7.8AI score0.57705EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2016/10/12 12:0 a.m.34 views

Microsoft Office Remote Code Execution Vulnerability (3194063) - Mac OS X

This host is missing an important security update according to Microsoft Bulletin MS16-121 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...

9.3CVSS7.8AI score0.57705EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2016/10/12 12:0 a.m.47 views

Microsoft Office Compatibility Pack Remote Code Execution Vulnerability (3194063)

This host is missing an important security update according to Microsoft Bulletin MS16-121 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.3CVSS7.8AI score0.57705EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2016/10/12 12:0 a.m.27 views

Microsoft Office Word Viewer Remote Code Execution Vulnerability (3194063)

This host is missing an important security update according to Microsoft Bulletin MS16-121 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.3CVSS7.8AI score0.57705EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2016/10/12 12:0 a.m.94 views

MS16-121: Security Update for Microsoft Office (3194063)

The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability due to improper handling of RTF files. An unauthenticated, remote attacker can exploit this by convincing a user to open a...

9.3CVSS8.1AI score0.57705EPSS
Exploits0References2
Check Point Advisories
Check Point Advisories
added 2016/08/09 12:0 a.m.30 views

Microsoft Graphics Component Memory Corruption (MS16-099: CVE-2016-3318; CVE-2017-8510)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted RTF files. A remote attacker can exploit this issue by enticing a user to open a specially crafted file and ...

9.3CVSS7.8AI score0.22127EPSS
Exploits0
Kaspersky
Kaspersky
added 2016/07/12 12:0 a.m.45 views

KLA10842 Multiple code execution vulnerabilities in Microsoft Office

An improper memory objects handling and XLA files handling were found in Microsoft Office. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed files. Technical details To mitigate some of these...

9.3CVSS7.7AI score0.26291EPSS
Exploits0References37
OSV
OSV
added 2016/07/08 7:59 p.m.9 views

CVE-2016-4324

Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens...

7.8CVSS7.8AI score0.02819EPSS
Exploits1References7
seebug.org
seebug.org
added 2015/12/31 12:0 a.m.424 views

Microsoft Office 内存损坏漏洞(CVE-2015-1641)

来源: http://drops.wooyun.org/papers/9809 Microsoft Office 内存损坏漏洞 0x01 漏洞概述 今年4月份微软修补了一个名为CVE-2015-1641的word类型混淆漏洞,攻击者可以构造嵌入了docx的rtf文档进行攻击。word在解析docx文档处理displacedByCustomXML属性时未对customXML对象进行验证,可以传入其他标签对象进行处理,造成类型混淆,导致任意内存写入,最终经过精心构造的标签以及对应的属性值可以造成远程任意代码执行。 根据微软官方MS15-33安全公告里显示,这个漏洞覆盖Office 2007...

9.3CVSS7.5AI score0.99966EPSS
Exploits12
securityvulns
securityvulns
added 2015/02/22 12:0 a.m.58 views

[SECURITY] [DSA 3163-1] libreoffice security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3163-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini February 19, 2015 http://www.debian.org/security/faq -...

7.5CVSS2.3AI score0.04143EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/02/20 12:0 a.m.37 views

Debian DSA-3163-1 : libreoffice - security update

It was discovered that LibreOffice, an office productivity suite, could try to write to invalid memory areas when importing malformed RTF files. This could allow remote attackers to cause a denial of service crash or arbitrary code execution via crafted RTF files. %NASLMINLEVEL 70300 C Tenable...

7.5CVSS7.4AI score0.04143EPSS
Exploits0References4
Debian
Debian
added 2015/02/19 1:3 p.m.24 views

[SECURITY] [DSA 3163-1] libreoffice security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3163-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini February 19, 2015 http://www.debian.org/security/faq -...

7.5CVSS2.7AI score0.04143EPSS
Exploits0
Debian
Debian
added 2015/02/19 1:3 p.m.27 views

[SECURITY] [DSA 3163-1] libreoffice security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3163-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini February 19, 2015 http://www.debian.org/security/faq -...

7.5CVSS7AI score0.04143EPSS
Exploits0
OSV
OSV
added 2015/01/09 4:44 p.m.6 views

MGASA-2015-0016 Updated unrtf package fixes security vulnerability

Updated unrtf package fixes security vulnerability: Hanno Böck also reported a number of other crashes in unrtf besides the ones associated with CVE-2014-9275. These could allow a denial of service when opening a malicious malformed RTF file which causes unrtf to crash...

6AI score
Exploits0References3
Saint
Saint
added 2014/07/24 12:0 a.m.43 views

Microsoft Word RTF Object Confusion

Added: 07/24/2014 CVE: CVE-2014-1761 BID: 66385 OSVDB: 104895 Background Microsoft Office Word is Microsoft's word processing software, released as a component of Microsoft Office suite. Problem A buffer overflow exists due to an error in processing RTF files. The flaw is triggered by supplying a...

9.3CVSS7.9AI score0.7746EPSS
Exploits10
Saint
Saint
added 2014/07/24 12:0 a.m.75 views

Microsoft Word RTF Object Confusion

Added: 07/24/2014 CVE: CVE-2014-1761 BID: 66385 OSVDB: 104895 Background Microsoft Office Word is Microsoft's word processing software, released as a component of Microsoft Office suite. Problem A buffer overflow exists due to an error in processing RTF files. The flaw is triggered by supplying a...

9.3CVSS7.9AI score0.7746EPSS
Exploits10
Rows per page
Query Builder