Microsoft Office version 2007 : Security vulnerabilities
#
CVE ID
CWE ID
# of Exploits
Vulnerability Type(s)
Publish Date
Update Date
Score
Gained Access Level
Access
Complexity
Authentication
Conf.
Integ.
Avail.
1
CVE-2018-0862
Exec Code
2018-01-22
2020-08-24
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka “Microsoft Word Remote Code Execution Vulnerability”. This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
2
CVE-2018-0849
Exec Code
2018-01-22
2020-08-24
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka “Microsoft Word Remote Code Execution Vulnerability”. This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
3
CVE-2018-0848
Exec Code
2018-01-22
2020-08-24
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka “Microsoft Word Remote Code Execution Vulnerability”. This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
4
CVE-2018-0845
Exec Code
2018-01-22
2020-08-24
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka “Microsoft Word Remote Code Execution Vulnerability”. This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
5
CVE-2018-0812
787
Exec Code Mem. Corr.
2018-01-10
2020-08-24
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka “Microsoft Word Memory Corruption Vulnerability”.
6
CVE-2018-0807
Exec Code
2018-01-10
2020-08-24
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka “Microsoft Word Remote Code Execution Vulnerability”. This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0806.
7
CVE-2018-0806
Exec Code
2018-01-10
2020-08-24
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka “Microsoft Word Remote Code Execution Vulnerability”. This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0807.
8
CVE-2018-0805
Exec Code
2018-01-10
2020-08-24
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka “Microsoft Word Remote Code Execution Vulnerability”. This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807
9
CVE-2018-0804
Exec Code
2018-01-10
2020-08-24
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka “Microsoft Word Remote Code Execution Vulnerability”. This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
10
CVE-2018-0802
787
Exec Code Mem. Corr.
2018-01-10
2020-08-24
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
11
CVE-2018-0801
Exec Code
2018-01-10
2020-08-24
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka “Microsoft Office Remote Code Execution Vulnerability”.
12
CVE-2018-0798
787
Exec Code Mem. Corr.
2018-01-10
2020-08-24
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka “Microsoft Office Memory Corruption Vulnerability”.
13
CVE-2017-11882
119
Overflow Mem. Corr.
2017-11-15
2021-03-16
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11884.
14
CVE-2017-8744
119
Exec Code Overflow Mem. Corr.
2017-09-13
2018-10-30
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016 when they fail to properly handle objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8731.
15
CVE-2017-8570
Exec Code
2017-07-11
2019-10-03
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka “Microsoft Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0243.
16
CVE-2017-8534
200
+Info
2017-06-15
2017-06-26
4.3
None
Remote
Medium
Not required
Partial
None
None
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka “Windows Uniscribe Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-0285.
17
CVE-2017-8533
200
+Info
2017-06-15
2019-06-20
4.3
None
Remote
Medium
Not required
Partial
None
None
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka “Graphics Uniscribe Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8532.
18
CVE-2017-8532
200
+Info
2017-06-15
2019-03-19
4.3
None
Remote
Medium
Not required
Partial
None
None
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka “Graphics Uniscribe Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8533.
19
CVE-2017-8531
200
+Info
2017-06-15
2017-06-26
4.3
None
Remote
Medium
Not required
Partial
None
None
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows improper disclosure of memory contents, aka “Graphics Uniscribe Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8532, and CVE-2017-8533.
20
CVE-2017-8528
119
Exec Code Overflow
2017-06-15
2017-06-26
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows a remote code execution vulnerability due to the way it handles objects in memory, aka “Windows Uniscribe Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0283.
21
CVE-2017-8527
119
Exec Code Overflow
2017-06-15
2019-03-19
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka “Windows Graphics Remote Code Execution Vulnerability”.
22
CVE-2017-8512
Exec Code
2017-06-15
2019-10-03
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506.
23
CVE-2017-8510
Exec Code
2017-06-15
2019-10-03
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8509, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.
24
CVE-2017-8509
Exec Code
2017-06-15
2019-10-03
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.
25
CVE-2017-0283
Exec Code
2017-06-15
2019-10-03
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka “Windows Uniscribe Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8528.
26
CVE-2017-0281
Exec Code
2017-05-12
2019-10-03
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.
27
CVE-2017-0243
119
Exec Code Overflow
2017-07-11
2017-07-20
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka “Microsoft Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8570.
28
CVE-2017-0199
Exec Code
2017-04-12
2019-10-03
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API.”
29
CVE-2017-0108
119
Exec Code Overflow
2017-03-17
2017-08-16
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka “Graphics Component Remote Code Execution Vulnerability.” This vulnerability is different from that described in CVE-2017-0014.
30
CVE-2016-7298
119
DoS Exec Code Overflow Mem. Corr.
2016-12-20
2018-10-12
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.”
31
CVE-2016-7276
125
DoS +Info
2016-12-20
2018-10-12
5.8
None
Remote
Medium
Not required
Partial
None
Partial
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka “Microsoft Office Information Disclosure Vulnerability.”
32
CVE-2016-7245
119
Exec Code Overflow Mem. Corr.
2016-11-10
2018-10-30
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”
33
CVE-2016-7244
284
DoS
2016-11-10
2018-10-12
4.3
None
Remote
Medium
Not required
None
None
Partial
Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka “Microsoft Office Denial of Service Vulnerability.”
34
CVE-2016-7182
20
Exec Code
2016-10-14
2018-10-12
10.0
None
Remote
Low
Not required
Complete
Complete
Complete
The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka “True Type Font Parsing Elevation of Privilege Vulnerability.”
35
CVE-2016-3396
264
Exec Code
2016-10-14
2018-10-12
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka “GDI+ Remote Code Execution Vulnerability.”
36
CVE-2016-3357
119
Exec Code Overflow Mem. Corr.
2016-09-14
2018-10-30
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.”
37
CVE-2016-3318
119
Exec Code Overflow Mem. Corr.
2016-08-09
2018-10-30
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted file, aka “Graphics Component Memory Corruption Vulnerability.”
38
CVE-2016-3313
119
Exec Code Overflow Mem. Corr.
2016-08-09
2018-10-30
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka “Microsoft Office Memory Corruption Vulnerability.”
39
CVE-2016-3304
20
Exec Code
2016-08-09
2018-10-12
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka “Windows Graphics Component RCE Vulnerability,” a different vulnerability than CVE-2016-3303.
40
CVE-2016-3303
20
Exec Code
2016-08-09
2018-10-12
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka “Windows Graphics Component RCE Vulnerability,” a different vulnerability than CVE-2016-3304.
41
CVE-2016-3301
20
Exec Code
2016-08-09
2018-10-12
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka “Windows Graphics Component RCE Vulnerability.”
42
CVE-2016-3263
200
Bypass +Info
2016-10-14
2018-10-12
5.0
None
Remote
Low
Not required
Partial
None
None
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka “GDI+ Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-3262.
43
CVE-2016-3262
200
Bypass +Info
2016-10-14
2018-10-12
5.0
None
Remote
Low
Not required
Partial
None
None
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka “GDI+ Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-3263.
44
CVE-2016-3209
200
Bypass +Info
2016-10-14
2018-10-12
5.0
None
Remote
Low
Not required
Partial
None
None
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka “True Type Font Parsing Information Disclosure Vulnerability.”
45
CVE-2016-0145
119
Exec Code Overflow Mem. Corr.
2016-04-12
2018-10-12
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007 SP3 and 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, and 3.5.1; Skype for Business 2016; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka “Graphics Memory Corruption Vulnerability.”
46
CVE-2016-0141
200
+Info
2016-09-14
2018-10-12
4.3
None
Remote
Medium
Not required
Partial
None
None
The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive information via unspecified vectors, aka “Microsoft Information Disclosure Vulnerability.”
47
CVE-2016-0140
119
Exec Code Overflow Mem. Corr.
2016-05-11
2018-10-12
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”
48
CVE-2016-0057
264
+Priv Bypass
2016-03-09
2018-10-12
7.2
None
Local
Low
Not required
Complete
Complete
Complete
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not properly sign an unspecified binary file, which allows local users to gain privileges via a Trojan horse file with a crafted signature, aka “Microsoft Office Security Feature Bypass Vulnerability.”
49
CVE-2016-0055
119
Exec Code Overflow Mem. Corr.
2016-02-10
2018-10-12
9.3
None
Remote
Medium
Not required
Complete
Complete
Complete
Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”
50
CVE-2016-0012
200
Bypass +Info
2016-01-13
2018-10-12
4.3
None
Remote
Medium
Not required
Partial
None
None
Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office 2016, Excel 2016, PowerPoint 2016, Visio 2016, Word 2016, and Visual Basic 6.0 Runtime allow remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka “Microsoft Office ASLR Bypass.”