The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Office OneNote

computer weakness alert 21874

Microsoft Office PowerPoint: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office PowerPoint.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 17/02/2017.
Identifiers: 3204068, 949, 950, 951, MS16-148, VIGILANCE-VUL-21874.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office PowerPoint.

An attacker can generate a buffer overflow via MSO!Ordinal5429, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 949]

An attacker can generate a buffer overflow via MSO!Ordinal8038, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 950]

An attacker can generate a buffer overflow via GDI32!ConvertDxArray, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 951]
Full Vigil@nce bulletin... (Free trial)

computer threat bulletin CVE-2016-7257 CVE-2016-7262 CVE-2016-7263

Microsoft Office: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 16.
Creation date: 14/12/2016.
Identifiers: 3204068, CERTFR-2016-AVI-415, CVE-2016-7257, CVE-2016-7262, CVE-2016-7263, CVE-2016-7264, CVE-2016-7265, CVE-2016-7266, CVE-2016-7267, CVE-2016-7268, CVE-2016-7274, CVE-2016-7275, CVE-2016-7276, CVE-2016-7277, CVE-2016-7289, CVE-2016-7290, CVE-2016-7291, CVE-2016-7298-ERROR, CVE-2016-7300, MS16-148, VIGILANCE-VUL-21370.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7263]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7277]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7289]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-21368). [severity:4/4; CVE-2016-7274, CVE-2016-7298-ERROR]

An attacker can use a vulnerability via OLE DLL, in order to run code. [severity:3/4; CVE-2016-7275]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-7267]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-7262]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-7266]

An attacker can bypass security features via GDI, in order to obtain sensitive information. [severity:2/4; CVE-2016-7257]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7264]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7265]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7268]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7276]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7290]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7291]

An attacker can bypass security features via MAU, in order to escalate his privileges. [severity:2/4; CVE-2016-7300]
Full Vigil@nce bulletin... (Free trial)

computer threat alert CVE-2016-7213 CVE-2016-7228 CVE-2016-7229

Microsoft Office: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 12.
Creation date: 09/11/2016.
Identifiers: 3199168, CERTFR-2016-AVI-375, CVE-2016-7213, CVE-2016-7228, CVE-2016-7229, CVE-2016-7230, CVE-2016-7231, CVE-2016-7232, CVE-2016-7233, CVE-2016-7234, CVE-2016-7235, CVE-2016-7236, CVE-2016-7244, CVE-2016-7245, MS16-133, VIGILANCE-VUL-21073.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-7233]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7213]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7228]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7229]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7230]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7231]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7232]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7234]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7235]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7236]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7245]

An attacker can trigger a fatal error, in order to trigger a denial of service. [severity:2/4; CVE-2016-7244]
Full Vigil@nce bulletin... (Free trial)

computer weakness announce CVE-2016-7193

Microsoft Office: memory corruption via RTF

Synthesis of the vulnerability

An attacker can generate a memory corruption via RTF of Microsoft Office, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 12/10/2016.
Identifiers: 3194063, CERTFR-2016-AVI-339, CVE-2016-7193, MS16-121, VIGILANCE-VUL-20830.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Microsoft Office product can open documents in RTF format.

However, a malicious document corrupts the Microsoft Office memory.

An attacker can therefore generate a memory corruption via RTF of Microsoft Office, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer weakness CVE-2016-3209 CVE-2016-3262 CVE-2016-3263

Windows, .NET, Office, Skype, Lync, Silverlight: seven vulnerabilities via Graphics Component

Synthesis of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync and Silverlight.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/10/2016.
Identifiers: 3192884, 825, 829, 864, 868, CERTFR-2016-AVI-340, CVE-2016-3209, CVE-2016-3262, CVE-2016-3263, CVE-2016-3270, CVE-2016-3393, CVE-2016-3396, CVE-2016-7182, MS16-120, VIGILANCE-VUL-20829.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync and Silverlight.

An attacker can use a vulnerability via GDI+, in order to run code. [severity:4/4; CVE-2016-3393]

An attacker can use a vulnerability via GDI+, in order to run code. [severity:4/4; CVE-2016-3396]

An attacker can bypass security features via GDI+, in order to obtain sensitive information. [severity:2/4; CVE-2016-3209]

An attacker can bypass security features via GDI+, in order to obtain sensitive information. [severity:2/4; CVE-2016-3262]

An attacker can bypass security features via GDI+, in order to obtain sensitive information. [severity:2/4; CVE-2016-3263]

An attacker can bypass security features via True Type Font, in order to escalate his privileges. [severity:2/4; CVE-2016-7182]

An attacker can bypass security features via Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-3270]
Full Vigil@nce bulletin... (Free trial)

weakness announce CVE-2016-0137 CVE-2016-0141 CVE-2016-3357

Microsoft Office: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 13.
Creation date: 13/09/2016.
Revision date: 21/09/2016.
Identifiers: 3185852, CERTFR-2016-AVI-309, CVE-2016-0137, CVE-2016-0141, CVE-2016-3357, CVE-2016-3358, CVE-2016-3359, CVE-2016-3360, CVE-2016-3361, CVE-2016-3362, CVE-2016-3363, CVE-2016-3364, CVE-2016-3365, CVE-2016-3366, CVE-2016-3381, MS16-107, VIGILANCE-VUL-20592, ZDI-16-508.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can bypass security features via Click-to-Run, in order to obtain sensitive information. [severity:1/4; CVE-2016-0137]

An attacker can bypass security features via Visual Basic Macros, in order to obtain sensitive information. [severity:2/4; CVE-2016-0141]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3357]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3358]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3359]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3360]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3361]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3362]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3363]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3364]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3365, ZDI-16-508]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3381]

An attacker can alter displayed information, in order to deceive the victim. [severity:2/4; CVE-2016-3366]
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2016-3313 CVE-2016-3315 CVE-2016-3316

Microsoft Office: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 09/08/2016.
Identifiers: 3177451, CERTFR-2016-AVI-270, COSIG-2016-31, COSIG-2016-32, CVE-2016-3313, CVE-2016-3315, CVE-2016-3316, CVE-2016-3317, CVE-2016-3318, MS16-099, VIGILANCE-VUL-20349, ZDI-16-451.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can bypass security features via Microsoft OneNote, in order to obtain sensitive information. [severity:2/4; CVE-2016-3315]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-32, CVE-2016-3313]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; COSIG-2016-32, CVE-2016-3316]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3317]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3318, ZDI-16-451]
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-3278 CVE-2016-3279 CVE-2016-3280

Microsoft Office: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/07/2016.
Identifiers: 3170008, CERTFR-2016-AVI-231, CVE-2016-3278, CVE-2016-3279, CVE-2016-3280, CVE-2016-3281, CVE-2016-3282, CVE-2016-3283, CVE-2016-3284, MS16-088, VIGILANCE-VUL-20084.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3278]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3280]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3281]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3282]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3283]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3284]

An attacker can use a vulnerability via an XLA file, in order to run code. [severity:3/4; CVE-2016-3279]
Full Vigil@nce bulletin... (Free trial)

cybersecurity announce CVE-2016-0126 CVE-2016-0140 CVE-2016-0183

Microsoft Office, SharePoint: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 10/05/2016.
Identifiers: 3155544, CVE-2016-0126, CVE-2016-0140, CVE-2016-0183, CVE-2016-0198, MS16-054, VIGILANCE-VUL-19578.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption in Microsoft Office, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0126]

An attacker can generate a memory corruption in Microsoft Office, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0140]

An attacker can use a vulnerability in Microsoft Office Graphics, in order to run code. [severity:3/4; CVE-2016-0183]

An attacker can generate a memory corruption in Microsoft Office, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0198]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-0143 CVE-2016-0145 CVE-2016-0165

Windows, .NET, Office, Skype, Lync: four vulnerabilities of Graphics Component

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Graphics Component of Windows, .NET, Office, Skype, Lync.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 12/04/2016.
Identifiers: 3148522, 684, 707, CERTFR-2016-AVI-122, CERTFR-2016-AVI-123, CVE-2016-0143, CVE-2016-0145, CVE-2016-0165, CVE-2016-0167, MS16-039, VIGILANCE-VUL-19354.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync.

An attacker can bypass security features in Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-0143]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0145]

An attacker can bypass security features in Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-0165]

An attacker can bypass security features in Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-0167]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Office OneNote: