| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Microsoft Access
Microsoft Office: vulnerabilities of December 2017
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Access, Microsoft OCS, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 13/12/2017.
Identifiers: CERTFR-2017-AVI-466, CVE-2017-11934, CVE-2017-11935, CVE-2017-11936, CVE-2017-11939, VIGILANCE-VUL-24756.
Description of the vulnerability
An attacker can use several vulnerabilities of Microsoft products.
The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial) |
Microsoft Office: vulnerabilities of november 2017
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 15/11/2017.
Identifiers: CERTFR-2017-AVI-408, CVE-2017-11854, CVE-2017-11877, CVE-2017-11878, CVE-2017-11882, CVE-2017-11884, VIGILANCE-VUL-24438, VU#421280, ZDI-17-915, ZDI-17-929.
Description of the vulnerability
An attacker can use several vulnerabilities of Microsoft products.
The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial) |
Microsoft Office: vulnerabilities of October 2017
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 11/10/2017.
Identifiers: CERTFR-2017-AVI-344, CVE-2017-11774, CVE-2017-11776, CVE-2017-11825, CVE-2017-11826, VIGILANCE-VUL-24091.
Description of the vulnerability
An attacker can use several vulnerabilities of Microsoft products.
The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial) |
Microsoft Office/SharePoint: vulnerabilities of September 2017
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 13/09/2017.
Identifiers: CERTFR-2017-AVI-294, CERTFR-2017-AVI-297, CVE-2017-8567, CVE-2017-8629, CVE-2017-8630, CVE-2017-8631, CVE-2017-8632, CVE-2017-8676, CVE-2017-8682, CVE-2017-8695, CVE-2017-8696, CVE-2017-8725, CVE-2017-8742, CVE-2017-8743, CVE-2017-8744, CVE-2017-8745, VIGILANCE-VUL-23824, ZDI-17-727, ZDI-17-730, ZDI-17-732.
Description of the vulnerability
An attacker can use several vulnerabilities of Microsoft products.
The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial) |
Microsoft Office/Outlook: vulnerabilities of August 2017
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 09/08/2017.
Identifiers: CERTFR-2017-AVI-260, CVE-2017-8571, CVE-2017-8572, CVE-2017-8663, VIGILANCE-VUL-23477.
Description of the vulnerability
An attacker can use several vulnerabilities of Microsoft products.
The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial) |
Microsoft: executing DLL code
Synthesis of the vulnerability
An attacker can create a malicious DLL, and then put it in the current directory of a Microsoft application, in order to execute code.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word, SQL Server, Visual Studio.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet server.
Creation date: 30/06/2017.
Identifiers: VIGILANCE-VUL-23108.
Description of the vulnerability
The Microsoft product uses external shared libraries (DLL).
However, if the working directory contains a malicious DLL, it is automatically loaded.
An attacker can therefore create a malicious DLL, and then put it in the current directory of a Microsoft application, in order to execute code.
Full Vigil@nce bulletin... (Free trial) |
Microsoft Office PowerPoint: three vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Microsoft Office PowerPoint.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 17/02/2017.
Identifiers: 3204068, 949, 950, 951, MS16-148, VIGILANCE-VUL-21874.
Description of the vulnerability
Several vulnerabilities were announced in Microsoft Office PowerPoint.
An attacker can generate a buffer overflow via MSO!Ordinal5429, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 949]
An attacker can generate a buffer overflow via MSO!Ordinal8038, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 950]
An attacker can generate a buffer overflow via GDI32!ConvertDxArray, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 951]
Full Vigil@nce bulletin... (Free trial) |
Microsoft Office: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 16.
Creation date: 14/12/2016.
Identifiers: 3204068, CERTFR-2016-AVI-415, CVE-2016-7257, CVE-2016-7262, CVE-2016-7263, CVE-2016-7264, CVE-2016-7265, CVE-2016-7266, CVE-2016-7267, CVE-2016-7268, CVE-2016-7274, CVE-2016-7275, CVE-2016-7276, CVE-2016-7277, CVE-2016-7289, CVE-2016-7290, CVE-2016-7291, CVE-2016-7298-ERROR, CVE-2016-7300, MS16-148, VIGILANCE-VUL-21370.
Description of the vulnerability
Several vulnerabilities were announced in Microsoft Office.
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7263]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7277]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7289]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-21368). [severity:4/4; CVE-2016-7274, CVE-2016-7298-ERROR]
An attacker can use a vulnerability via OLE DLL, in order to run code. [severity:3/4; CVE-2016-7275]
An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-7267]
An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-7262]
An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-7266]
An attacker can bypass security features via GDI, in order to obtain sensitive information. [severity:2/4; CVE-2016-7257]
An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7264]
An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7265]
An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7268]
An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7276]
An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7290]
An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7291]
An attacker can bypass security features via MAU, in order to escalate his privileges. [severity:2/4; CVE-2016-7300]
Full Vigil@nce bulletin... (Free trial) |
Microsoft Office: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 12.
Creation date: 09/11/2016.
Identifiers: 3199168, CERTFR-2016-AVI-375, CVE-2016-7213, CVE-2016-7228, CVE-2016-7229, CVE-2016-7230, CVE-2016-7231, CVE-2016-7232, CVE-2016-7233, CVE-2016-7234, CVE-2016-7235, CVE-2016-7236, CVE-2016-7244, CVE-2016-7245, MS16-133, VIGILANCE-VUL-21073.
Description of the vulnerability
Several vulnerabilities were announced in Microsoft Office.
An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7233]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7213]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7228]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7229]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7230]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7231]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7232]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7234]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7235]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7236]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7245]
An attacker can trigger a fatal error, in order to trigger a denial of service. [severity:2/4; CVE-2016-7244]
Full Vigil@nce bulletin... (Free trial) |
Microsoft Office: memory corruption via RTF
Synthesis of the vulnerability
An attacker can generate a memory corruption via RTF of Microsoft Office, in order to trigger a denial of service, and possibly to run code.
Impacted products: Office, Access, Microsoft OCS, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 12/10/2016.
Identifiers: 3194063, CERTFR-2016-AVI-339, CVE-2016-7193, MS16-121, VIGILANCE-VUL-20830.
Description of the vulnerability
The Microsoft Office product can open documents in RTF format.
However, a malicious document corrupts the Microsoft Office memory.
An attacker can therefore generate a memory corruption via RTF of Microsoft Office, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Microsoft Access:
|