- Home
- CVEs with nessus.description==The Microsoft Office application, Office Web Apps, or SharePoint
Server installed on the remote Windows host is missing a security
update. It is, therefore, affected by multiple vulnerabilities :
- Multiple remote code execution vulnerabilities exist
in Microsoft Office software due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit these, by convincing a user to open a
specially crafted document file, to execute arbitrary
code in the context of the current user. (CVE-2017-0006,
CVE-2017-0019, CVE-2017-0020, CVE-2017-0030,
CVE-2017-0031, CVE-2017-0052, CVE-2017-0053)
- An information disclosure vulnerability exists in
Microsoft Office due to improper disclosure of memory
contents. An unauthenticated, remote attacker can
exploit this to disclose sensitive system memory
information by convincing a user to open a specially
crafted document file. (CVE-2017-0027)
- A denial of service vulnerability exists in Microsoft
Office that allows an unauthenticated, remote attacker
to cause Office to stop responding by convincing a user
to open a specially crafted document file.
(CVE-2017-0029)
- An out-of-bounds read error exists in Microsoft Office
due to an uninitialized variable. A local attacker can
exploit this to disclose memory contents by opening a
specially crafted document file. (CVE-2017-0105)
- A cross-site scripting (XSS) vulnerability exists in
Microsoft SharePoint Server due to improper validation
of input before returning it to users. An authenticated,
remote attacker can exploit this, via a specially
crafted request, to execute arbitrary script code in a
user's browser session. (CVE-2017-0107)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top