- Home
- CVEs with nessus.description==The Microsoft Office application installed on the remote macOS or Mac
OS X host is missing a security update. It is, therefore, affected by
multiple vulnerabilities :
- Multiple remote code execution vulnerabilities exist
in Microsoft Office software due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit these, by convincing a user to open a
specially crafted document file, to execute arbitrary
code in the context of the current user. (CVE-2017-0020,
CVE-2017-0030, CVE-2017-0031)
- An information disclosure vulnerability exists in
Microsoft Office due to improper disclosure of memory
contents. An unauthenticated, remote attacker can
exploit this to disclose sensitive system memory
information by convincing a user to open a specially
crafted document file. (CVE-2017-0027)
- A denial of service vulnerability exists in Microsoft
Office that allows an unauthenticated, remote attacker
to cause Office to stop responding by convincing a user
to open a specially crafted document file.
(CVE-2017-0029)
- An out-of-bounds read error exists in Microsoft Office
due to an uninitialized variable. A local attacker can
exploit this to disclose memory contents by opening a
specially crafted document file. (CVE-2017-0105)
- A flaw exists in Microsoft Lync for Mac due to improper
validation of X.509 certificates. A man-in-the-middle
attacker can exploit this, by spoofing a TLS/SSL server
via a certificate that appears valid, to disclose or
manipulate transmitted data. (CVE-2017-0129)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top