The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft Office

computer vulnerability note CVE-2018-8427 CVE-2018-8432 CVE-2018-8480

Microsoft Office: vulnerabilities of October 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Excel, Outlook, PowerPoint, MOSS.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 10/10/2018.
Identifiers: CERTFR-2018-AVI-483, CVE-2018-8427, CVE-2018-8432, CVE-2018-8480, CVE-2018-8488, CVE-2018-8498, CVE-2018-8501, CVE-2018-8502, CVE-2018-8504, CVE-2018-8518, VIGILANCE-VUL-27449.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-8331 CVE-2018-8332 CVE-2018-8426

Microsoft Office: vulnerabilities of September 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Excel, MOSS, Word.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/09/2018.
Identifiers: CERTFR-2018-AVI-435, CVE-2018-8331, CVE-2018-8332, CVE-2018-8426, CVE-2018-8428, CVE-2018-8429, CVE-2018-8430, CVE-2018-8431, VIGILANCE-VUL-27216.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-8375 CVE-2018-8376 CVE-2018-8378

Microsoft Office: vulnerabilities of August 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 6.
Creation date: 16/08/2018.
Identifiers: CERTFR-2018-AVI-396, CVE-2018-8375, CVE-2018-8376, CVE-2018-8378, CVE-2018-8379, CVE-2018-8382, CVE-2018-8412, VIGILANCE-VUL-26987, ZDI-18-952.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-8281 CVE-2018-8299 CVE-2018-8300

Microsoft Office: vulnerabilities of July 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 6.
Creation date: 11/07/2018.
Identifiers: CERTFR-2018-AVI-335, CVE-2018-8281, CVE-2018-8299, CVE-2018-8300, CVE-2018-8310, CVE-2018-8312, CVE-2018-8323, VIGILANCE-VUL-26679.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-8176 CVE-2018-8244 CVE-2018-8245

Microsoft Office: vulnerabilities of June 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 8.
Creation date: 13/06/2018.
Identifiers: CERTFR-2018-AVI-285, CVE-2018-8176, CVE-2018-8244, CVE-2018-8245, CVE-2018-8246, CVE-2018-8247, CVE-2018-8248, CVE-2018-8252, CVE-2018-8254, VIGILANCE-VUL-26396, ZDI-18-593.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-17688 CVE-2017-17689

Outlook Gpg4win, Thunderbird Enigmail: PGP and S/MIME decryption

Synthesis of the vulnerability

An attacker can use Outlook Gpg4win or Thunderbird Enigmail, in order to obtain sensitive information.
Impacted products: Debian, Fedora, Notes, Office, Outlook, Thunderbird, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/05/2018.
Revision date: 14/05/2018.
Identifiers: CERTFR-2018-ALE-007, CVE-2017-17688, CVE-2017-17689, DSA-4244-1, FEDORA-2018-1f651350de, FEDORA-2018-25525a9346, FEDORA-2018-6020628437, FEDORA-2018-73e30969a4, FEDORA-2018-77fe2e20ad, FEDORA-2018-e6ee09fc50, openSUSE-SU-2018:1329-1, openSUSE-SU-2018:1330-1, openSUSE-SU-2018:1347-1, openSUSE-SU-2018:1392-1, openSUSE-SU-2018:1393-1, openSUSE-SU-2018:1451-1, openSUSE-SU-2018:1454-1, SSA:2018-191-01, VIGILANCE-VUL-26123, VU#122919.

Description of the vulnerability

Plugins can be installed to automatically decrypt received emails encrypted with PGP or S/MIME:
 - Apple Mail : GPGTools
 - IBM Notes : PGP Lotus Notes Plug-In
 - Outlook : Gpg4win
 - Thunderbird : Enigmail
 - etc.

However, an attacker who has an encrypted email can use these plugins in order to decrypt it, for example using an image in an HTML email.

An attacker can therefore use Outlook Gpg4win or Thunderbird Enigmail, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-8147 CVE-2018-8148 CVE-2018-8149

Microsoft Office: vulnerabilities of May 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Access, Microsoft OCS, Office Communicator, Excel, InfoPath, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-252, CVE-2018-8147, CVE-2018-8148, CVE-2018-8149, CVE-2018-8150, CVE-2018-8155, CVE-2018-8156, CVE-2018-8157, CVE-2018-8158, CVE-2018-8160, CVE-2018-8161, CVE-2018-8162, CVE-2018-8163, CVE-2018-8168, CVE-2018-8176, VIGILANCE-VUL-26060, ZDI-18-430, ZDI-18-431, ZDI-18-432.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-0920 CVE-2018-0950 CVE-2018-1005

Office: vulnerabilities of April 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 13.
Creation date: 11/04/2018.
Identifiers: CERTFR-2018-AVI-179, CVE-2018-0920, CVE-2018-0950, CVE-2018-1005, CVE-2018-1007, CVE-2018-1011, CVE-2018-1014, CVE-2018-1026, CVE-2018-1027, CVE-2018-1028, CVE-2018-1029, CVE-2018-1030, CVE-2018-1032, CVE-2018-1034, VIGILANCE-VUL-25832, VU#974272, ZDI-18-292.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-0789 CVE-2018-0790 CVE-2018-0791

Microsoft Office: vulnerabilities of January 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Excel, Outlook, MOSS, Word.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 19.
Creation date: 10/01/2018.
Revision date: 22/02/2018.
Identifiers: CERTFR-2018-AVI-021, CVE-2018-0789, CVE-2018-0790, CVE-2018-0791, CVE-2018-0792, CVE-2018-0793, CVE-2018-0794, CVE-2018-0795, CVE-2018-0796, CVE-2018-0797, CVE-2018-0798, CVE-2018-0799, CVE-2018-0801, CVE-2018-0802, CVE-2018-0804, CVE-2018-0805, CVE-2018-0806, CVE-2018-0807, CVE-2018-0812, CVE-2018-0819, VIGILANCE-VUL-24992, ZDI-18-161.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-0841 CVE-2018-0850 CVE-2018-0851

Microsoft Office: vulnerabilities of February 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Outlook, MOSS, Word.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 14/02/2018.
Identifiers: CERTFR-2018-AVI-086, CVE-2018-0841, CVE-2018-0850, CVE-2018-0851, CVE-2018-0852, CVE-2018-0853, CVE-2018-0864, CVE-2018-0869, VIGILANCE-VUL-25293, ZDI-18-219.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Microsoft Office: