4 matches found
CVE-2015-2503
CVE-2015-2503 is an Office Elevation of Privilege vulnerability that can be triggered via a crafted web site loaded in Internet Explorer to bypass sandbox protections and gain privileges. The initial CVE entry lists Microsoft Office 2007–2016 products (Word, Excel, PowerPoint, Access, InfoPath, V...
CVE-2016-0021
CVE-2016-0021 is a memory corruption vulnerability in Microsoft Office components (InfoPath 2007 SP3, InfoPath 2010 SP2, InfoPath 2013 SP1) that allows remote code execution via specially crafted Office documents. Root cause: improper handling of in-memory objects during parsing leads to memory c...
CVE-2012-2520
CVE-2012-2520 is a cross-site scripting vulnerability in Microsoft’s HTML sanitization component affecting multiple products (InfoPath 2007/2010, Communicator/Lync 2010, SharePoint Server/Foundation, Groove Server, Office Web Apps). The issue arises from improper input filtering in the HTML sanit...
CVE-2008-3068
Microsoft Crypto API 5.131.2600.2180 through 6.0 (used in Outlook, Windows Live Mail, and Office 2007) performs CRL checks by using an arbitrary URL from a certificate embedded in an S/MIME email or a signed document via the Authority Information Access (AIA) extension. This allows remote attacke...