The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft Visio

vulnerability announce CVE-2018-0920 CVE-2018-0950 CVE-2018-1005

Office: vulnerabilities of April 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 13.
Creation date: 11/04/2018.
Identifiers: CERTFR-2018-AVI-179, CVE-2018-0920, CVE-2018-0950, CVE-2018-1005, CVE-2018-1007, CVE-2018-1011, CVE-2018-1014, CVE-2018-1026, CVE-2018-1027, CVE-2018-1028, CVE-2018-1029, CVE-2018-1030, CVE-2018-1032, CVE-2018-1034, VIGILANCE-VUL-25832, VU#974272, ZDI-18-292.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-0903 CVE-2018-0907 CVE-2018-0909

Microsoft Office: vulnerabilities of March 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Access, Microsoft OCS, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 17.
Creation date: 14/03/2018.
Identifiers: CERTFR-2018-AVI-130, CVE-2018-0903, CVE-2018-0907, CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0919, CVE-2018-0921, CVE-2018-0922, CVE-2018-0923, CVE-2018-0944, CVE-2018-0947, VIGILANCE-VUL-25541.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-11934 CVE-2017-11935 CVE-2017-11936

Microsoft Office: vulnerabilities of December 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Access, Microsoft OCS, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 13/12/2017.
Identifiers: CERTFR-2017-AVI-466, CVE-2017-11934, CVE-2017-11935, CVE-2017-11936, CVE-2017-11939, VIGILANCE-VUL-24756.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-11854 CVE-2017-11877 CVE-2017-11878

Microsoft Office: vulnerabilities of november 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 15/11/2017.
Identifiers: CERTFR-2017-AVI-408, CVE-2017-11854, CVE-2017-11877, CVE-2017-11878, CVE-2017-11882, CVE-2017-11884, VIGILANCE-VUL-24438, VU#421280, ZDI-17-915, ZDI-17-929.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-11774 CVE-2017-11776 CVE-2017-11825

Microsoft Office: vulnerabilities of October 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 11/10/2017.
Identifiers: CERTFR-2017-AVI-344, CVE-2017-11774, CVE-2017-11776, CVE-2017-11825, CVE-2017-11826, VIGILANCE-VUL-24091.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-8567 CVE-2017-8629 CVE-2017-8630

Microsoft Office/SharePoint: vulnerabilities of September 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 13/09/2017.
Identifiers: CERTFR-2017-AVI-294, CERTFR-2017-AVI-297, CVE-2017-8567, CVE-2017-8629, CVE-2017-8630, CVE-2017-8631, CVE-2017-8632, CVE-2017-8676, CVE-2017-8682, CVE-2017-8695, CVE-2017-8696, CVE-2017-8725, CVE-2017-8742, CVE-2017-8743, CVE-2017-8744, CVE-2017-8745, VIGILANCE-VUL-23824, ZDI-17-727, ZDI-17-730, ZDI-17-732.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-8571 CVE-2017-8572 CVE-2017-8663

Microsoft Office/Outlook: vulnerabilities of August 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 09/08/2017.
Identifiers: CERTFR-2017-AVI-260, CVE-2017-8571, CVE-2017-8572, CVE-2017-8663, VIGILANCE-VUL-23477.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin 23108

Microsoft: executing DLL code

Synthesis of the vulnerability

An attacker can create a malicious DLL, and then put it in the current directory of a Microsoft application, in order to execute code.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word, SQL Server, Visual Studio.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet server.
Creation date: 30/06/2017.
Identifiers: VIGILANCE-VUL-23108.

Description of the vulnerability

The Microsoft product uses external shared libraries (DLL).

However, if the working directory contains a malicious DLL, it is automatically loaded.

An attacker can therefore create a malicious DLL, and then put it in the current directory of a Microsoft application, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note 21874

Microsoft Office PowerPoint: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office PowerPoint.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 17/02/2017.
Identifiers: 3204068, 949, 950, 951, MS16-148, VIGILANCE-VUL-21874.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office PowerPoint.

An attacker can generate a buffer overflow via MSO!Ordinal5429, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 949]

An attacker can generate a buffer overflow via MSO!Ordinal8038, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 950]

An attacker can generate a buffer overflow via GDI32!ConvertDxArray, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 951]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-7257 CVE-2016-7262 CVE-2016-7263

Microsoft Office: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 16.
Creation date: 14/12/2016.
Identifiers: 3204068, CERTFR-2016-AVI-415, CVE-2016-7257, CVE-2016-7262, CVE-2016-7263, CVE-2016-7264, CVE-2016-7265, CVE-2016-7266, CVE-2016-7267, CVE-2016-7268, CVE-2016-7274, CVE-2016-7275, CVE-2016-7276, CVE-2016-7277, CVE-2016-7289, CVE-2016-7290, CVE-2016-7291, CVE-2016-7298-ERROR, CVE-2016-7300, MS16-148, VIGILANCE-VUL-21370.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7263]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7277]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7289]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-21368). [severity:4/4; CVE-2016-7274, CVE-2016-7298-ERROR]

An attacker can use a vulnerability via OLE DLL, in order to run code. [severity:3/4; CVE-2016-7275]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-7267]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-7262]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-7266]

An attacker can bypass security features via GDI, in order to obtain sensitive information. [severity:2/4; CVE-2016-7257]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7264]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7265]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7268]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7276]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7290]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7291]

An attacker can bypass security features via MAU, in order to escalate his privileges. [severity:2/4; CVE-2016-7300]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Microsoft Visio: