52 matches found
CVE-2018-0797
CVE-2018-0797 affects Microsoft Word components in Office 2010/2013/2016 where remote code execution can occur through specially crafted RTF content due to memory handling. Public details show Word memory corruption vulnerability enabling code execution when opening malicious files. Microsoft rel...
CVE-2013-0007
CVE-2013-0007 impacts Microsoft XML Core Services (MSXML) versions 4.0–6.0. A parsing fault in MSXML can allow remote code execution when a user visits a crafted web page (MSXML XSLT vulnerability). Affected components include MSXML DLLs; root cause is improper XML content parsing. Mitigation is ...
CVE-2013-3848
CVE-2013-3848 affects Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer, allowing remote code execution or memory corruption via a crafted Off...
CVE-2012-2528
CVE-2012-2528 is a use-after-free remote code execution vulnerability in Microsoft Word and related components triggered by specially crafted RTF documents. Affected products include Word 2003 SP3, Word 2007 SP2/SP3, Word 2010 SP1, Word Viewer, Office Compatibility Pack SP2/SP3, Word Automation S...
CVE-2013-3850
CVE-2013-3850 is a memory corruption vulnerability in Microsoft Word components that allows remote code execution or a denial of service when processing a crafted Office document. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, Office Compatibility Pack SP3, and Word Viewer. Root...
CVE-2013-3856
CVE-2013-3856 affects Microsoft Word 2003 SP3 and Word Viewer. A memory corruption flaw in crafted Office documents allows remote code execution or a denial of service. Affected products are Word 2003 SP3 and Word Viewer; the vulnerability is addressed by Microsoft MS13-072 (security update). The...
CVE-2017-0254
CVE-2017-0254 concerns a remote code execution in Microsoft Office applications (Word, PowerPoint, etc.) and related components when the software fails to properly handle objects in memory. The vulnerability affects multiple Office products across Windows and macOS (e.g., Word 2007, Office 2010 S...
CVE-2016-0145
CVE-2016-0145 is a Graphics Memory Corruption vulnerability in the Windows font library. A remote attacker can execute arbitrary code by delivering a crafted embedded font, affecting Windows flavors listed in the vulnerability entry (e.g., Windows Vista through Windows 10 versions, Windows Server...
CVE-2013-0006
CVE-2013-0006 is associated with OSIsoft PI Interface for OPC XML-DA (ICS advisory ICSA-20-315-01) and Microsoft MSXML/MS13-002 context. Connected documents identify the affected product as PI Interface for OPC XML-DA versions prior to 1.7.3.x, where the vulnerability stems from numeric errors/st...
CVE-2013-3852
CVE-2013-3852 affects Microsoft Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer. The vulnerability is a memory corruption flaw in Word that can be triggered by a crafted Office document, enabling remote code execution or a denial of service. The OpenVAS...
CVE-2016-3304
CVE-2016-3304 is the Windows Graphics Component remote code‑execution vulnerability where the Windows font library improperly handles crafted embedded fonts, affecting Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Skype for Business 2016,...
CVE-2016-3301
CVE-2016-3301 affects the Windows Graphics Component in the Windows font library, enabling remote code execution via a crafted embedded font. Affected products include Windows Vista SP2; Windows Server 2008 SP2/R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; W...
CVE-2016-3313
CVE-2016-3313 is a memory corruption vulnerability in Microsoft Office products that allows remote code execution when a user opens a crafted Office file. The CVE description lists affected software as Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, plus Word 2016 for Mac and Word Vie...
CVE-2016-3303
CVE-2016-3303 affects the Windows font library in Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010/Attendee, and Live Meeting 2007 Console. Root cause:** improper handling of construct...
CVE-2016-0022
CVE-2016-0022 corresponds to a memory corruption vulnerability in Microsoft Office components (Word and related Word/Office Suite on Windows and Mac) that could allow remote code execution via a crafted Office document. Connected sources indicate this is tied to MS16-015 and affects Word 2007 SP3...
CVE-2016-3234
CVE-2016-3234 affects Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint 2010 SP2/2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1. The root cause is an information disclosure flaw that...
CVE-2016-3357
CVE-2016-3357 is a Microsoft Office memory corruption vulnerability: multiple Office components (Word/Excel/PowerPoint and related servers) allow remote code execution via a crafted document. Root cause cited as improper handling of objects in memory. Affected products span Office 2007 SP3 throug...
CVE-2016-0134
CVE-2016-0134 affects multiple Microsoft Office products, including Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1/RT SP1, Word 2016, Word for Mac 2011/2016, Office Compatibility Pack SP3, and related SharePoint/Web Apps components. The vulnerability is described as a memory corrupt...
CVE-2016-0198
Microsoft Office memory corruption vulnerability CVE-2016-0198 allows remote code execution when processing specially crafted Office documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac...
CVE-2017-0053
Technical details about CVE-2017-0053 are not publicly provided in the supplied documents; monitor for future updates.
CVE-2016-0127
CVE-2016-0127 affects Microsoft Office components: Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2/2013 SP1, and Office Web Apps 2010 SP2/Server 2013 SP1. Description...
CVE-2014-0258
CVE-2014-0258 affects Microsoft Word 2003 SP3, Word 2007 SP3, Office Compatibility Pack SP3, and Word Viewer. The root cause is memory corruption when parsing crafted Office files, enabling remote code execution (and potential DoS) in the context of the user. Connected advisories confirm MS14-001...
CVE-2016-3282
CVE-2016-3282 is a Microsoft Office remote code execution vulnerability arising from memory corruption in Office components (Word, Word Automation Services, SharePoint-related components, etc.). It affects a broad set of Office products across Windows and macOS (Word 2007 SP3, Office 2010 SP2, Wo...
CVE-2015-1651
CVE-2015-1651 is a use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3. The flaw allows remote code execution via a crafted Office document. Root cause: use-after-free in Office components when parsing Office files. Exploitation context: remote ...
CVE-2015-6091
CVE-2015-6091 is a Microsoft Office memory‑corruption vulnerability that allows remote code execution when parsing crafted Office documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1/RT SP1, Word 2016, Word Viewer, and related Office/Web Apps component...
CVE-2016-7268
CVE-2016-7268 is an information-disclosure/Memory-read vulnerability in Microsoft Office products. The initial description lists how crafted Office documents can cause an out-of-bounds read or memory disclosure, allowing remote attackers to obtain sensitive information from process memory. Affect...
CVE-2016-3317
CVE-2016-3317 describes a memory corruption vulnerability in Microsoft Office components (Office 2010 SP2, Word 2007 SP3/2010 SP2, Word for Mac 2011, Word 2016 for Mac, Word Viewer) that could allow remote code execution when a user opens a crafted file. The issue is part of multiple related Offi...
CVE-2016-0052
The CVE-2016-0052 issue affects Microsoft Word/Office across multiple versions (Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Serve...
CVE-2015-1649
CVE-2015-1649 is a use-after-free vulnerability in Microsoft Office components (Word 2007 SP3, Office 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2) that allows remote code execution via a crafted ...
CVE-2015-1650
CVE-2015-1650 is a use-after-free vulnerability in Microsoft Word/Office components that allows remote code execution via crafted Office documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3,...
CVE-2015-2468
CVE-2015-2468 affects Microsoft Office components across Word/Office for Windows and Mac, including Word 2007 SP3, 2010 SP2, 2013 SP1, Office for Mac 2011/2016, Office Compatibility Pack SP3, Word Viewer, and related SharePoint/Office Web Apps. The root cause is memory corruption triggered by pro...
CVE-2014-0260
CVE-2014-0260 affects Microsoft Word and related Office components (Word Viewer, Office Web Apps, SharePoint, etc.). The issue arises from memory corruption while parsing crafted Office documents, enabling remote code execution or, per source, possible denial of service. The vulnerability is mapp...
CVE-2015-2470
CVE-2015-2470 is a Microsoft Office remote-code-execution vulnerability caused by an integer underflow when processing crafted Office documents. Affected products include Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer. The underflow can...
CVE-2016-3280
CVE-2016-3280 is a Microsoft Office/Word memory-corruption vulnerability that allows remote code execution via crafted Office documents. The CVE affects Word and related components across multiple platforms (Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for ...
CVE-2013-3849
Summary: CVE-2013-3849 is part of a set of related Word memory corruption vulnerabilities affecting Microsoft Word Automation Services and related Word components (SharePoint 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility...
CVE-2015-6092
CVE-2015-6092 is a remote-code-execution memory-corruption vulnerability in Microsoft Word/Office components (Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1/RT SP1, Word 2016, Office Compatibility Pack, Word Viewer). The issue arises from improper handling of objects in memory while...
CVE-2015-0064
CVE-2015-0064 corresponds to a memory-corruption remote-code-execution vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer and Office Compatibility Pack SP3. The issue arises when processing a crafte...
CVE-2010-3214
The CVE-2010-3214 entry maps to a stack-based buffer overflow in Microsoft Word triggered by parsing specific Word structures (UPX data) in crafted Word documents, enabling remote code execution. Affected products include Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Word for Mac 2004 and 2008; th...
CVE-2013-3847
Microsoft Word Memory Corruption Vulnerability (CVE-2013-3847) affects Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer. A crafted Office document coul...
CVE-2015-2379
CVE-2015-2379 affects Microsoft Office components (Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Word Viewer). The vulnerability is a memory corruption issue triggered by processing crafted Office documents, allowing remote attackers to execu...
CVE-2015-6106
CVE-2015-6106 affects the Windows font library across multiple Windows/Vista/Server and Office/Skype/Lync versions. The vulnerability is a memory corruption issue triggered by specially crafted embedded fonts, enabling remote code execution with the attacker-controlled font data. Connected source...
CVE-2016-0053
CVE-2016-0053 corresponds to a memory corruption vulnerability that allows remote code execution when processing crafted Office documents in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, Word Viewer, Word Automa...
CVE-2016-0010
CVE-2016-0010 is a Microsoft Office memory corruption vulnerability that can allow remote code execution when a crafted Office document is opened. Affected products include Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and Mac versions (Office for Mac 2011/2016) plus Word/Excel/PowerPoi...
CVE-2013-3855
CVE-2013-3855 affects Microsoft Word 2003 SP3/2007 SP3, Office Compatibility Pack SP3, and Word Viewer. Root cause is memory corruption via a crafted Office document, enabling remote code execution or a memory‑corruption DoS. The OpenVAS/NVD entries cite MS13-072 as the remediation path (security...
CVE-2016-3283
CVE-2016-3283 – Microsoft Office Memory Corruption Vulnerability : A remote code execution flaw exists in Microsoft Office/Word Viewer due to improper handling of in-memory objects while parsing specially crafted Office files. An attacker can exploit this by enticing a user to open a crafted docu...
CVE-2015-0086
CVE-2015-0086 affects Microsoft Office/Word products including Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold/SP1, Word 2013 RT Gold/SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Serve...
CVE-2010-3221
Microsoft Word Remote Code Execution (CVE-2010-3221) arises from memory corruption when parsing crafted Word documents, allowing remote code execution. Affected products across the Word family include Word 2002 SP3, 2003 SP3, Word Viewer, and Office/Word for Mac variants cited in MS10-079 materia...
CVE-2013-3857
CVE-2013-3857 affects Microsoft Word/Office components across SharePoint, Word Web App, Word Viewer, and older Word releases (2003–2010) with Word Memory Corruption via crafted documents. Root cause: memory corruption enabling remote code execution or DoS. Affected/impacted products include Word ...
CVE-2013-3858
CVE-2013-3858 affects Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer. The vulnerability allows remote attackers to execute arbitrary code or cause a ...
CVE-2013-3160
CVE-2013-3160 corresponds to an XXE vulnerability in Microsoft Office 2003 SP3/2007 SP3, Word 2003/2007, and Word Viewer. Its root cause is improper handling of XML with an external entity declaration and an entity reference, allowing a remote attacker to read local files. Connected sources enume...