Lucene search
K
MicrosoftInfopath

9 matches found

CVE
CVE
•added 2004/09/17 4:0 a.m.•149 views

CVE-2004-0200

CVE-2004-0200 is a buffer-overflow vulnerability in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll). The flaw allows remote code execution when a specially crafted JPEG image is processed, with the attack vector involving JPEG data that is mis-sized during a memory copy. The vulnerability...

9.3CVSS7.6AI score0.49024EPSS
CVE
CVE
•added 2015/11/11 11:0 a.m.•114 views

CVE-2015-2503

CVE-2015-2503 is an Office Elevation of Privilege vulnerability that can be triggered via a crafted web site loaded in Internet Explorer to bypass sandbox protections and gain privileges. The initial CVE entry lists Microsoft Office 2007–2016 products (Word, Excel, PowerPoint, Access, InfoPath, V...

9.3CVSS6.8AI score0.1684EPSS
CVE
CVE
•added 2006/10/10 10:0 p.m.•97 views

CVE-2006-3877

PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877) affects multiple Office suites. A remote code execution flaw exists when PowerPoint opens a specially crafted file with malformed records, allowing an attacker to gain full control of the affected system if the user runs ...

9.3CVSS7.1AI score0.12199EPSS
CVE
CVE
•added 2007/02/03 1:0 a.m.•92 views

CVE-2007-0671

CVE-2007-0671 is a remote-code-execution vulnerability in Microsoft Office Excel (affecting Excel 2000/XP/2003 and Mac equivalents) where a specially crafted Excel file can trigger arbitrary code execution. The vulnerability arises from improper handling/parsing of office records, enabling remote...

9.3CVSS7.5AI score0.42139EPSS
In wild
CVE
CVE
•added 2016/03/09 11:0 a.m.•86 views

CVE-2016-0021

CVE-2016-0021 is a memory corruption vulnerability in Microsoft Office components (InfoPath 2007 SP3, InfoPath 2010 SP2, InfoPath 2013 SP1) that allows remote code execution via specially crafted Office documents. Root cause: improper handling of in-memory objects during parsing leads to memory c...

9.3CVSS7.7AI score0.23429EPSS
CVE
CVE
•added 2018/05/09 7:0 p.m.•84 views

CVE-2018-8173

CVE-2018-8173 affects Microsoft InfoPath 2013 SP1 (32- and 64-bit). The root cause is improper handling of objects in memory, enabling remote code execution when a user opens a specially crafted InfoPath form/file. Impact can allow arbitrary code execution in the user’s context; administrative ri...

9.3CVSS7.8AI score0.18609EPSS
CVE
CVE
•added 2012/10/09 9:0 p.m.•76 views

CVE-2012-2520

CVE-2012-2520 is a cross-site scripting vulnerability in Microsoft’s HTML sanitization component affecting multiple products (InfoPath 2007/2010, Communicator/Lync 2010, SharePoint Server/Foundation, Groove Server, Office Web Apps). The issue arises from improper input filtering in the HTML sanit...

4.3CVSS5.6AI score0.28477EPSS
CVE
CVE
•added 2013/04/09 10:0 p.m.•66 views

CVE-2013-1289

The CVE-2013-1289 entry covers a cross-site scripting (XSS) vulnerability in multiple Microsoft HTML Sanitization components used by SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1. The issue arises from the HTML sanitization logic,...

4.3CVSS5.4AI score0.15432EPSS
CVE
CVE
•added 2008/07/07 11:0 p.m.•65 views

CVE-2008-3068

Microsoft Crypto API 5.131.2600.2180 through 6.0 (used in Outlook, Windows Live Mail, and Office 2007) performs CRL checks by using an arbitrary URL from a certificate embedded in an S/MIME email or a signed document via the Authority Information Access (AIA) extension. This allows remote attacke...

7.5CVSS6.7AI score0.17404EPSS