The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Live Communications Server

weakness CVE-2019-0540 CVE-2019-0594 CVE-2019-0604

Microsoft Office: vulnerabilities of February 2019

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 11.
Creation date: 13/02/2019.
Identifiers: CERTFR-2019-AVI-061, CVE-2019-0540, CVE-2019-0594, CVE-2019-0604, CVE-2019-0668, CVE-2019-0669, CVE-2019-0670, CVE-2019-0671, CVE-2019-0672, CVE-2019-0673, CVE-2019-0674, CVE-2019-0675, VIGILANCE-VUL-28487, ZDI-19-180, ZDI-19-181, ZDI-19-192, ZDI-19-197, ZDI-19-198, ZDI-19-199, ZDI-19-224.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

threat note CVE-2018-8147 CVE-2018-8148 CVE-2018-8149

Microsoft Office: vulnerabilities of May 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 14.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-252, CVE-2018-8147, CVE-2018-8148, CVE-2018-8149, CVE-2018-8150, CVE-2018-8155, CVE-2018-8156, CVE-2018-8157, CVE-2018-8158, CVE-2018-8160, CVE-2018-8161, CVE-2018-8162, CVE-2018-8163, CVE-2018-8168, CVE-2018-8176, VIGILANCE-VUL-26060, ZDI-18-430, ZDI-18-431, ZDI-18-432.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2018-0903 CVE-2018-0907 CVE-2018-0909

Microsoft Office: vulnerabilities of March 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 17.
Creation date: 14/03/2018.
Identifiers: CERTFR-2018-AVI-130, CVE-2018-0903, CVE-2018-0907, CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0919, CVE-2018-0921, CVE-2018-0922, CVE-2018-0923, CVE-2018-0944, CVE-2018-0947, VIGILANCE-VUL-25541.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

computer threat note CVE-2017-11934 CVE-2017-11935 CVE-2017-11936

Microsoft Office: vulnerabilities of December 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 13/12/2017.
Identifiers: CERTFR-2017-AVI-466, CVE-2017-11934, CVE-2017-11935, CVE-2017-11936, CVE-2017-11939, VIGILANCE-VUL-24756.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

computer weakness announce CVE-2016-7193

Microsoft Office: memory corruption via RTF

Synthesis of the vulnerability

An attacker can generate a memory corruption via RTF of Microsoft Office, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 12/10/2016.
Identifiers: 3194063, CERTFR-2016-AVI-339, CVE-2016-7193, MS16-121, VIGILANCE-VUL-20830.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Microsoft Office product can open documents in RTF format.

However, a malicious document corrupts the Microsoft Office memory.

An attacker can therefore generate a memory corruption via RTF of Microsoft Office, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer weakness bulletin CVE-2008-5180

Microsoft OCS: denial of service via SIP

Synthesis of the vulnerability

An attacker can send SIP INVITE queries in order to create a denial of service in Microsoft Office Communications Server.
Severity: 2/4.
Creation date: 02/12/2008.
Identifiers: CVE-2008-5180, VIGILANCE-VUL-8277.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Microsoft Office Communications Server product implements SIP (Session Initiation Protocol) used for multimedia exchanges. This protocol defines following queries:
 - INVITE : the client requests a new session
 - ACK : the server acknowledges
 - BYE : ends a session
 - etc.

When MOCS receives a special SIP INVITE query, it does not free the associated memory.

An attacker can therefore send numerous queries in order to progressively deplete the memory.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Live Communications Server: