Search

Find a vulnerability

Search criteria

    174 vulnerabilities found for word_viewer by microsoft

    CVE-2019-0540 (GCVE-0-2019-0540)

    Vulnerability from cvelistv5 – Published: 2019-03-06 00:00 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Security Feature Bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Office Affected: 2010 Service Pack 2 (32-bit editions)
    Affected: 2010 Service Pack 2 (64-bit editions)
    Affected: 2013 Service Pack 1 (32-bit editions)
    Affected: 2013 Service Pack 1 (64-bit editions)
    Affected: 2013 RT Service Pack 1
    Affected: 2016 (32-bit edition)
    Affected: 2016 (64-bit edition)
    Affected: 2019 for 32-bit editions
    Affected: 2019 for 64-bit editions
    Affected: Word Viewer
    Create a notification for this product.
    Microsoft Microsoft Excel Viewer Affected: unspecified
    Create a notification for this product.
    Microsoft Office 365 ProPlus Affected: 32-bit Systems
    Affected: 64-bit Systems
    Create a notification for this product.
    Microsoft Microsoft PowerPoint Viewer Affected: unspecified
    Create a notification for this product.
    Microsoft Microsoft Office Compatibility Pack Affected: Service Pack 3
    Create a notification for this product.
    Date Public
    2019-03-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:27.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106863",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106863"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0540"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 RT Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2016 (32-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2019 for 32-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for 64-bit editions"
                },
                {
                  "status": "affected",
                  "version": "Word Viewer"
                }
              ]
            },
            {
              "product": "Microsoft Excel Viewer",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Office 365 ProPlus",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "64-bit Systems"
                }
              ]
            },
            {
              "product": "Microsoft PowerPoint Viewer",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Microsoft Office Compatibility Pack",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Service Pack 3"
                }
              ]
            }
          ],
          "datePublic": "2019-03-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka \u0027Microsoft Office Security Feature Bypass Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Security Feature Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-06T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "106863",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106863"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0540"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0540",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 2 (32-bit editions)"
                              },
                              {
                                "version_value": "2010 Service Pack 2 (64-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (32-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit editions)"
                              },
                              {
                                "version_value": "2013 RT Service Pack 1"
                              },
                              {
                                "version_value": "2016 (32-bit edition)"
                              },
                              {
                                "version_value": "2016 (64-bit edition)"
                              },
                              {
                                "version_value": "2019 for 32-bit editions"
                              },
                              {
                                "version_value": "2019 for 64-bit editions"
                              },
                              {
                                "version_value": "Word Viewer"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Excel Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office 365 ProPlus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "32-bit Systems"
                              },
                              {
                                "version_value": "64-bit Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft PowerPoint Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office Compatibility Pack",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Service Pack 3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka \u0027Microsoft Office Security Feature Bypass Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Security Feature Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106863",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106863"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0540",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0540"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0540",
        "datePublished": "2019-03-06T00:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:27.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8432 (GCVE-0-2018-8432)

    Vulnerability from cvelistv5 – Published: 2018-10-10 13:00 – Updated: 2024-08-05 06:54
    VLAI
    Summary
    A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/105458 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1041823 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Windows 7 Affected: 32-bit Systems Service Pack 1
    Affected: x64-based Systems Service Pack 1
    Create a notification for this product.
    Microsoft Microsoft Office Affected: 2016 for Mac
    Affected: 2019 for 32-bit editions
    Affected: 2019 for 64-bit editions
    Affected: Compatibility Pack Service Pack 3
    Create a notification for this product.
    Microsoft Microsoft Office Word Viewer Affected: Microsoft Office Word Viewer
    Create a notification for this product.
    Microsoft Microsoft Excel Viewer Affected: 2007 Service Pack 3
    Create a notification for this product.
    Microsoft Microsoft PowerPoint Viewer Affected: 2007
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: (Server Core installation)
    Create a notification for this product.
    Microsoft Office Affected: 365 ProPlus for 32-bit Systems
    Affected: 365 ProPlus for 64-bit Systems
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Affected: Itanium-Based Systems Service Pack 1
    Affected: x64-based Systems Service Pack 1
    Affected: x64-based Systems Service Pack 1 (Server Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Affected: Version 1809 for 32-bit Systems
    Affected: Version 1809 for x64-based Systems
    Create a notification for this product.
    Microsoft Windows Server 2008 Affected: 32-bit Systems Service Pack 2
    Affected: 32-bit Systems Service Pack 2 (Server Core installation)
    Affected: Itanium-Based Systems Service Pack 2
    Affected: x64-based Systems Service Pack 2
    Affected: x64-based Systems Service Pack 2 (Server Core installation)
    Create a notification for this product.
    Date Public
    2018-10-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:54:36.446Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105458",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105458"
              },
              {
                "name": "1041823",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041823"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows 7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "x64-based Systems Service Pack 1"
                }
              ]
            },
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2016 for Mac"
                },
                {
                  "status": "affected",
                  "version": "2019 for 32-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for 64-bit editions"
                },
                {
                  "status": "affected",
                  "version": "Compatibility Pack Service Pack 3"
                }
              ]
            },
            {
              "product": "Microsoft Office Word Viewer",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Office Word Viewer"
                }
              ]
            },
            {
              "product": "Microsoft Excel Viewer",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2007 Service Pack 3"
                }
              ]
            },
            {
              "product": "Microsoft PowerPoint Viewer",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2007"
                }
              ]
            },
            {
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "(Server Core installation)"
                }
              ]
            },
            {
              "product": "Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "365 ProPlus for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "365 ProPlus for 64-bit Systems"
                }
              ]
            },
            {
              "product": "Windows Server 2008 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "x64-based Systems Service Pack 1 (Server Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "Version 1809 for x64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server 2008",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "32-bit Systems Service Pack 2 (Server Core installation)"
                },
                {
                  "status": "affected",
                  "version": "Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "x64-based Systems Service Pack 2 (Server Core installation)"
                }
              ]
            }
          ],
          "datePublic": "2018-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Remote Code Execution Vulnerability.\" This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "105458",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105458"
            },
            {
              "name": "1041823",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041823"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8432",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows 7",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "x64-based Systems Service Pack 1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2016 for Mac"
                              },
                              {
                                "version_value": "2019 for 32-bit editions"
                              },
                              {
                                "version_value": "2019 for 64-bit editions"
                              },
                              {
                                "version_value": "Compatibility Pack Service Pack 3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office Word Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Office Word Viewer"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Excel Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2007 Service Pack 3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft PowerPoint Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2007"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "(Server Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "365 ProPlus for 32-bit Systems"
                              },
                              {
                                "version_value": "365 ProPlus for 64-bit Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server 2008 R2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "Version 1809 for x64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server 2008",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
                              },
                              {
                                "version_value": "Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Remote Code Execution Vulnerability.\" This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105458",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105458"
                },
                {
                  "name": "1041823",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041823"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8432",
        "datePublished": "2018-10-10T13:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:54:36.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0797 (GCVE-0-2018-0797)

    Vulnerability from cvelistv5 – Published: 2018-01-10 01:00 – Updated: 2024-09-16 18:17
    VLAI
    Summary
    Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability".
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/102406 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1040153 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Corporation Microsoft Office Affected: Microsoft Office
    Create a notification for this product.
    Date Public
    2018-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.453Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102406",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102406"
              },
              {
                "name": "1040153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040153"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Office"
                }
              ]
            }
          ],
          "datePublic": "2018-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka \"Microsoft Word Memory Corruption Vulnerability\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-11T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "102406",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102406"
            },
            {
              "name": "1040153",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040153"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "DATE_PUBLIC": "2018-01-09T00:00:00",
              "ID": "CVE-2018-0797",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Office"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka \"Microsoft Word Memory Corruption Vulnerability\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102406",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102406"
                },
                {
                  "name": "1040153",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040153"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-0797",
        "datePublished": "2018-01-10T01:00:00.000Z",
        "dateReserved": "2017-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:17:56.308Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0254 (GCVE-0-2017-0254)

    Vulnerability from cvelistv5 – Published: 2017-05-12 14:00 – Updated: 2024-08-05 12:55
    VLAI
    Summary
    Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/98101 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1038443 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Corporation Microsoft Office Affected: Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016.
    Create a notification for this product.
    Date Public
    2017-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:55:19.232Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254"
              },
              {
                "name": "98101",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98101"
              },
              {
                "name": "1038443",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038443"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016."
                }
              ]
            }
          ],
          "datePublic": "2017-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254"
            },
            {
              "name": "98101",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98101"
            },
            {
              "name": "1038443",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038443"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0254",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254"
                },
                {
                  "name": "98101",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98101"
                },
                {
                  "name": "1038443",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038443"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0254",
        "datePublished": "2017-05-12T14:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:55:19.232Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0108 (GCVE-0-2017-0108)

    Vulnerability from cvelistv5 – Published: 2017-03-17 00:00 – Updated: 2024-08-05 12:55
    VLAI
    Summary
    The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/96722 vdb-entryx_refsource_BID
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038002 vdb-entryx_refsource_SECTRACK
    https://www.exploit-db.com/exploits/41647/ exploitx_refsource_EXPLOIT-DB
    Impacted products
    Vendor Product Version
    Microsoft Corporation Windows Graphics Component Affected: The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1
    Create a notification for this product.
    Date Public
    2017-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:55:18.713Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96722"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108"
              },
              {
                "name": "1038002",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038002"
              },
              {
                "name": "41647",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41647/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows Graphics Component",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1"
                }
              ]
            }
          ],
          "datePublic": "2017-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Graphics Component Remote Code Execution Vulnerability.\" This vulnerability is different from that described in CVE-2017-0014."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-15T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "96722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96722"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108"
            },
            {
              "name": "1038002",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038002"
            },
            {
              "name": "41647",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41647/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0108",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows Graphics Component",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Graphics Component Remote Code Execution Vulnerability.\" This vulnerability is different from that described in CVE-2017-0014."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96722"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108"
                },
                {
                  "name": "1038002",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038002"
                },
                {
                  "name": "41647",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41647/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0108",
        "datePublished": "2017-03-17T00:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:55:18.713Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0053 (GCVE-0-2017-0053)

    Vulnerability from cvelistv5 – Published: 2017-03-17 00:00 – Updated: 2024-08-05 12:55
    VLAI
    Summary
    Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1038010 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/96745 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Microsoft Corporation Office Affected: Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer
    Create a notification for this product.
    Date Public
    2017-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:55:17.504Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038010",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038010"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053"
              },
              {
                "name": "96745",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96745"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Office",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer"
                }
              ]
            }
          ],
          "datePublic": "2017-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1038010",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038010"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053"
            },
            {
              "name": "96745",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96745"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0053",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038010",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038010"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053"
                },
                {
                  "name": "96745",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96745"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0053",
        "datePublished": "2017-03-17T00:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:55:17.504Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7268 (GCVE-0-2016-7268)

    Vulnerability from cvelistv5 – Published: 2016-12-20 05:54 – Updated: 2024-08-06 01:57
    VLAI
    Summary
    Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/bid/94672 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1037441 vdb-entryx_refsource_SECTRACK
    Date Public
    2016-12-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:57:47.076Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MS16-148",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
              },
              {
                "name": "94672",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94672"
              },
              {
                "name": "1037441",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037441"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-12-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "MS16-148",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
            },
            {
              "name": "94672",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94672"
            },
            {
              "name": "1037441",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1037441"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2016-7268",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MS16-148",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
                },
                {
                  "name": "94672",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94672"
                },
                {
                  "name": "1037441",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1037441"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2016-7268",
        "datePublished": "2016-12-20T05:54:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:57:47.076Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7298 (GCVE-0-2016-7298)

    Vulnerability from cvelistv5 – Published: 2016-12-20 05:54 – Updated: 2024-08-06 01:57
    VLAI
    Summary
    Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/bid/94720 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1037441 vdb-entryx_refsource_SECTRACK
    Date Public
    2016-12-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:57:47.323Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MS16-148",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
              },
              {
                "name": "94720",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94720"
              },
              {
                "name": "1037441",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037441"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-12-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "MS16-148",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
            },
            {
              "name": "94720",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94720"
            },
            {
              "name": "1037441",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1037441"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2016-7298",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MS16-148",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
                },
                {
                  "name": "94720",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94720"
                },
                {
                  "name": "1037441",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1037441"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2016-7298",
        "datePublished": "2016-12-20T05:54:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:57:47.323Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7233 (GCVE-0-2016-7233)

    Vulnerability from cvelistv5 – Published: 2016-11-10 06:16 – Updated: 2024-08-06 01:57
    VLAI
    Summary
    Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.verisign.com/en_US/security-services/… third-party-advisoryx_refsource_IDEFENSE
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/bid/94031 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1037246 vdb-entryx_refsource_SECTRACK
    Date Public
    2016-11-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:57:47.600Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20161108 Microsoft Office Out-of-Bounds Read Information Leak Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232"
              },
              {
                "name": "MS16-133",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
              },
              {
                "name": "94031",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94031"
              },
              {
                "name": "1037246",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037246"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-11-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "20161108 Microsoft Office Out-of-Bounds Read Information Leak Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232"
            },
            {
              "name": "MS16-133",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
            },
            {
              "name": "94031",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94031"
            },
            {
              "name": "1037246",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1037246"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2016-7233",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20161108 Microsoft Office Out-of-Bounds Read Information Leak Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232"
                },
                {
                  "name": "MS16-133",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
                },
                {
                  "name": "94031",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94031"
                },
                {
                  "name": "1037246",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1037246"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2016-7233",
        "datePublished": "2016-11-10T06:16:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:57:47.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7182 (GCVE-0-2016-7182)

    Vulnerability from cvelistv5 – Published: 2016-10-14 01:00 – Updated: 2024-08-06 01:50
    VLAI
    Summary
    The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka "True Type Font Parsing Elevation of Privilege Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036988 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/93395 vdb-entryx_refsource_BID
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    Date Public
    2016-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:50:47.584Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036988",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036988"
              },
              {
                "name": "93395",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93395"
              },
              {
                "name": "MS16-120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka \"True Type Font Parsing Elevation of Privilege Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1036988",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036988"
            },
            {
              "name": "93395",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93395"
            },
            {
              "name": "MS16-120",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2016-7182",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka \"True Type Font Parsing Elevation of Privilege Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036988",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036988"
                },
                {
                  "name": "93395",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93395"
                },
                {
                  "name": "MS16-120",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2016-7182",
        "datePublished": "2016-10-14T01:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:50:47.584Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7193 (GCVE-0-2016-7193)

    Vulnerability from cvelistv5 – Published: 2016-10-14 01:00 – Updated: 2025-10-21 23:55
    VLAI CISA KEVIntel
    Summary
    Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Date Public
    2016-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:50:47.546Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "93372",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93372"
              },
              {
                "name": "MS16-121",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121"
              },
              {
                "name": "1036984",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036984"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-7193",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T14:03:53.430430Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7193"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:55:49.146Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7193"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-03T00:00:00.000Z",
                "value": "CVE-2016-7193 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "93372",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93372"
            },
            {
              "name": "MS16-121",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121"
            },
            {
              "name": "1036984",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036984"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2016-7193",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "93372",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93372"
                },
                {
                  "name": "MS16-121",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121"
                },
                {
                  "name": "1036984",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036984"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2016-7193",
        "datePublished": "2016-10-14T01:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:55:49.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3396 (GCVE-0-2016-3396)

    Vulnerability from cvelistv5 – Published: 2016-10-14 01:00 – Updated: 2024-08-05 23:56
    VLAI
    Summary
    Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "GDI+ Remote Code Execution Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036988 vdb-entryx_refsource_SECTRACK
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/bid/93380 vdb-entryx_refsource_BID
    Date Public
    2016-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:56:13.298Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036988",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036988"
              },
              {
                "name": "MS16-120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
              },
              {
                "name": "93380",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93380"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka \"GDI+ Remote Code Execution Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1036988",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036988"
            },
            {
              "name": "MS16-120",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
            },
            {
              "name": "93380",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93380"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2016-3396",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka \"GDI+ Remote Code Execution Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036988",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036988"
                },
                {
                  "name": "MS16-120",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
                },
                {
                  "name": "93380",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93380"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2016-3396",
        "datePublished": "2016-10-14T01:00:00.000Z",
        "dateReserved": "2016-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:56:13.298Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3209 (GCVE-0-2016-3209)

    Vulnerability from cvelistv5 – Published: 2016-10-14 01:00 – Updated: 2024-08-05 23:47
    VLAI
    Summary
    Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036988 vdb-entryx_refsource_SECTRACK
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/bid/93385 vdb-entryx_refsource_BID
    Date Public
    2016-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:47:59.152Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036988",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036988"
              },
              {
                "name": "MS16-120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
              },
              {
                "name": "93385",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93385"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"True Type Font Parsing Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1036988",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036988"
            },
            {
              "name": "MS16-120",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
            },
            {
              "name": "93385",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93385"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2016-3209",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"True Type Font Parsing Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036988",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036988"
                },
                {
                  "name": "MS16-120",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
                },
                {
                  "name": "93385",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93385"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2016-3209",
        "datePublished": "2016-10-14T01:00:00.000Z",
        "dateReserved": "2016-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:47:59.152Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3263 (GCVE-0-2016-3263)

    Vulnerability from cvelistv5 – Published: 2016-10-14 01:00 – Updated: 2024-08-05 23:47
    VLAI
    Summary
    Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3262.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036988 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/93394 vdb-entryx_refsource_BID
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    Date Public
    2016-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:47:58.390Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036988",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036988"
              },
              {
                "name": "93394",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93394"
              },
              {
                "name": "MS16-120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"GDI+ Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-3262."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1036988",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036988"
            },
            {
              "name": "93394",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93394"
            },
            {
              "name": "MS16-120",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2016-3263",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"GDI+ Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-3262."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036988",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036988"
                },
                {
                  "name": "93394",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93394"
                },
                {
                  "name": "MS16-120",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2016-3263",
        "datePublished": "2016-10-14T01:00:00.000Z",
        "dateReserved": "2016-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:47:58.390Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3262 (GCVE-0-2016-3262)

    Vulnerability from cvelistv5 – Published: 2016-10-14 01:00 – Updated: 2024-08-05 23:47
    VLAI
    Summary
    Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3263.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036988 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/93390 vdb-entryx_refsource_BID
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    Date Public
    2016-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:47:58.437Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036988",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036988"
              },
              {
                "name": "93390",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93390"
              },
              {
                "name": "MS16-120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"GDI+ Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-3263."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1036988",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036988"
            },
            {
              "name": "93390",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93390"
            },
            {
              "name": "MS16-120",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2016-3262",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"GDI+ Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-3263."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036988",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036988"
                },
                {
                  "name": "93390",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93390"
                },
                {
                  "name": "MS16-120",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2016-3262",
        "datePublished": "2016-10-14T01:00:00.000Z",
        "dateReserved": "2016-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:47:58.437Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0540 (GCVE-0-2019-0540)

    Vulnerability from nvd – Published: 2019-03-06 00:00 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Security Feature Bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Office Affected: 2010 Service Pack 2 (32-bit editions)
    Affected: 2010 Service Pack 2 (64-bit editions)
    Affected: 2013 Service Pack 1 (32-bit editions)
    Affected: 2013 Service Pack 1 (64-bit editions)
    Affected: 2013 RT Service Pack 1
    Affected: 2016 (32-bit edition)
    Affected: 2016 (64-bit edition)
    Affected: 2019 for 32-bit editions
    Affected: 2019 for 64-bit editions
    Affected: Word Viewer
    Create a notification for this product.
    Microsoft Microsoft Excel Viewer Affected: unspecified
    Create a notification for this product.
    Microsoft Office 365 ProPlus Affected: 32-bit Systems
    Affected: 64-bit Systems
    Create a notification for this product.
    Microsoft Microsoft PowerPoint Viewer Affected: unspecified
    Create a notification for this product.
    Microsoft Microsoft Office Compatibility Pack Affected: Service Pack 3
    Create a notification for this product.
    Date Public
    2019-03-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:27.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106863",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106863"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0540"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 RT Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2016 (32-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2019 for 32-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for 64-bit editions"
                },
                {
                  "status": "affected",
                  "version": "Word Viewer"
                }
              ]
            },
            {
              "product": "Microsoft Excel Viewer",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Office 365 ProPlus",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "64-bit Systems"
                }
              ]
            },
            {
              "product": "Microsoft PowerPoint Viewer",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Microsoft Office Compatibility Pack",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Service Pack 3"
                }
              ]
            }
          ],
          "datePublic": "2019-03-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka \u0027Microsoft Office Security Feature Bypass Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Security Feature Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-06T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "106863",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106863"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0540"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0540",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 2 (32-bit editions)"
                              },
                              {
                                "version_value": "2010 Service Pack 2 (64-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (32-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit editions)"
                              },
                              {
                                "version_value": "2013 RT Service Pack 1"
                              },
                              {
                                "version_value": "2016 (32-bit edition)"
                              },
                              {
                                "version_value": "2016 (64-bit edition)"
                              },
                              {
                                "version_value": "2019 for 32-bit editions"
                              },
                              {
                                "version_value": "2019 for 64-bit editions"
                              },
                              {
                                "version_value": "Word Viewer"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Excel Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office 365 ProPlus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "32-bit Systems"
                              },
                              {
                                "version_value": "64-bit Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft PowerPoint Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office Compatibility Pack",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Service Pack 3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka \u0027Microsoft Office Security Feature Bypass Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Security Feature Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106863",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106863"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0540",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0540"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0540",
        "datePublished": "2019-03-06T00:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:27.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8432 (GCVE-0-2018-8432)

    Vulnerability from nvd – Published: 2018-10-10 13:00 – Updated: 2024-08-05 06:54
    VLAI
    Summary
    A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/105458 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1041823 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Windows 7 Affected: 32-bit Systems Service Pack 1
    Affected: x64-based Systems Service Pack 1
    Create a notification for this product.
    Microsoft Microsoft Office Affected: 2016 for Mac
    Affected: 2019 for 32-bit editions
    Affected: 2019 for 64-bit editions
    Affected: Compatibility Pack Service Pack 3
    Create a notification for this product.
    Microsoft Microsoft Office Word Viewer Affected: Microsoft Office Word Viewer
    Create a notification for this product.
    Microsoft Microsoft Excel Viewer Affected: 2007 Service Pack 3
    Create a notification for this product.
    Microsoft Microsoft PowerPoint Viewer Affected: 2007
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: (Server Core installation)
    Create a notification for this product.
    Microsoft Office Affected: 365 ProPlus for 32-bit Systems
    Affected: 365 ProPlus for 64-bit Systems
    Create a notification for this product.
    Microsoft Windows Server 2008 R2 Affected: Itanium-Based Systems Service Pack 1
    Affected: x64-based Systems Service Pack 1
    Affected: x64-based Systems Service Pack 1 (Server Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Affected: Version 1809 for 32-bit Systems
    Affected: Version 1809 for x64-based Systems
    Create a notification for this product.
    Microsoft Windows Server 2008 Affected: 32-bit Systems Service Pack 2
    Affected: 32-bit Systems Service Pack 2 (Server Core installation)
    Affected: Itanium-Based Systems Service Pack 2
    Affected: x64-based Systems Service Pack 2
    Affected: x64-based Systems Service Pack 2 (Server Core installation)
    Create a notification for this product.
    Date Public
    2018-10-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:54:36.446Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105458",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105458"
              },
              {
                "name": "1041823",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041823"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows 7",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "x64-based Systems Service Pack 1"
                }
              ]
            },
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2016 for Mac"
                },
                {
                  "status": "affected",
                  "version": "2019 for 32-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for 64-bit editions"
                },
                {
                  "status": "affected",
                  "version": "Compatibility Pack Service Pack 3"
                }
              ]
            },
            {
              "product": "Microsoft Office Word Viewer",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Office Word Viewer"
                }
              ]
            },
            {
              "product": "Microsoft Excel Viewer",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2007 Service Pack 3"
                }
              ]
            },
            {
              "product": "Microsoft PowerPoint Viewer",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2007"
                }
              ]
            },
            {
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "(Server Core installation)"
                }
              ]
            },
            {
              "product": "Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "365 ProPlus for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "365 ProPlus for 64-bit Systems"
                }
              ]
            },
            {
              "product": "Windows Server 2008 R2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "x64-based Systems Service Pack 1 (Server Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "Version 1809 for x64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server 2008",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "32-bit Systems Service Pack 2 (Server Core installation)"
                },
                {
                  "status": "affected",
                  "version": "Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "x64-based Systems Service Pack 2 (Server Core installation)"
                }
              ]
            }
          ],
          "datePublic": "2018-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Remote Code Execution Vulnerability.\" This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "105458",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105458"
            },
            {
              "name": "1041823",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041823"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8432",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows 7",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "x64-based Systems Service Pack 1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2016 for Mac"
                              },
                              {
                                "version_value": "2019 for 32-bit editions"
                              },
                              {
                                "version_value": "2019 for 64-bit editions"
                              },
                              {
                                "version_value": "Compatibility Pack Service Pack 3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office Word Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Office Word Viewer"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Excel Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2007 Service Pack 3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft PowerPoint Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2007"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "(Server Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "365 ProPlus for 32-bit Systems"
                              },
                              {
                                "version_value": "365 ProPlus for 64-bit Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server 2008 R2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "Version 1809 for x64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server 2008",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
                              },
                              {
                                "version_value": "Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Remote Code Execution Vulnerability.\" This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105458",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105458"
                },
                {
                  "name": "1041823",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041823"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8432",
        "datePublished": "2018-10-10T13:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:54:36.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0797 (GCVE-0-2018-0797)

    Vulnerability from nvd – Published: 2018-01-10 01:00 – Updated: 2024-09-16 18:17
    VLAI
    Summary
    Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability".
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/102406 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1040153 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Corporation Microsoft Office Affected: Microsoft Office
    Create a notification for this product.
    Date Public
    2018-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.453Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102406",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102406"
              },
              {
                "name": "1040153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040153"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Office"
                }
              ]
            }
          ],
          "datePublic": "2018-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka \"Microsoft Word Memory Corruption Vulnerability\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-11T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "102406",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102406"
            },
            {
              "name": "1040153",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040153"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "DATE_PUBLIC": "2018-01-09T00:00:00",
              "ID": "CVE-2018-0797",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Office"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka \"Microsoft Word Memory Corruption Vulnerability\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102406",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102406"
                },
                {
                  "name": "1040153",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040153"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-0797",
        "datePublished": "2018-01-10T01:00:00.000Z",
        "dateReserved": "2017-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:17:56.308Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0254 (GCVE-0-2017-0254)

    Vulnerability from nvd – Published: 2017-05-12 14:00 – Updated: 2024-08-05 12:55
    VLAI
    Summary
    Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/98101 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1038443 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Corporation Microsoft Office Affected: Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016.
    Create a notification for this product.
    Date Public
    2017-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:55:19.232Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254"
              },
              {
                "name": "98101",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98101"
              },
              {
                "name": "1038443",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038443"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016."
                }
              ]
            }
          ],
          "datePublic": "2017-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254"
            },
            {
              "name": "98101",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98101"
            },
            {
              "name": "1038443",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038443"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0254",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0254"
                },
                {
                  "name": "98101",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98101"
                },
                {
                  "name": "1038443",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038443"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0254",
        "datePublished": "2017-05-12T14:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:55:19.232Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0108 (GCVE-0-2017-0108)

    Vulnerability from nvd – Published: 2017-03-17 00:00 – Updated: 2024-08-05 12:55
    VLAI
    Summary
    The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/96722 vdb-entryx_refsource_BID
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038002 vdb-entryx_refsource_SECTRACK
    https://www.exploit-db.com/exploits/41647/ exploitx_refsource_EXPLOIT-DB
    Impacted products
    Vendor Product Version
    Microsoft Corporation Windows Graphics Component Affected: The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1
    Create a notification for this product.
    Date Public
    2017-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:55:18.713Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96722"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108"
              },
              {
                "name": "1038002",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038002"
              },
              {
                "name": "41647",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41647/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows Graphics Component",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1"
                }
              ]
            }
          ],
          "datePublic": "2017-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Graphics Component Remote Code Execution Vulnerability.\" This vulnerability is different from that described in CVE-2017-0014."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-15T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "96722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96722"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108"
            },
            {
              "name": "1038002",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038002"
            },
            {
              "name": "41647",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41647/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0108",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows Graphics Component",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Graphics Component Remote Code Execution Vulnerability.\" This vulnerability is different from that described in CVE-2017-0014."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96722"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108"
                },
                {
                  "name": "1038002",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038002"
                },
                {
                  "name": "41647",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41647/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0108",
        "datePublished": "2017-03-17T00:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:55:18.713Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0053 (GCVE-0-2017-0053)

    Vulnerability from nvd – Published: 2017-03-17 00:00 – Updated: 2024-08-05 12:55
    VLAI
    Summary
    Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1038010 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/96745 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Microsoft Corporation Office Affected: Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer
    Create a notification for this product.
    Date Public
    2017-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:55:17.504Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038010",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038010"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053"
              },
              {
                "name": "96745",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96745"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Office",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer"
                }
              ]
            }
          ],
          "datePublic": "2017-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1038010",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038010"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053"
            },
            {
              "name": "96745",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96745"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0053",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038010",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038010"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053"
                },
                {
                  "name": "96745",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96745"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0053",
        "datePublished": "2017-03-17T00:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:55:17.504Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7298 (GCVE-0-2016-7298)

    Vulnerability from nvd – Published: 2016-12-20 05:54 – Updated: 2024-08-06 01:57
    VLAI
    Summary
    Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/bid/94720 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1037441 vdb-entryx_refsource_SECTRACK
    Date Public
    2016-12-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:57:47.323Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MS16-148",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
              },
              {
                "name": "94720",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94720"
              },
              {
                "name": "1037441",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037441"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-12-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "MS16-148",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
            },
            {
              "name": "94720",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94720"
            },
            {
              "name": "1037441",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1037441"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2016-7298",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MS16-148",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
                },
                {
                  "name": "94720",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94720"
                },
                {
                  "name": "1037441",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1037441"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2016-7298",
        "datePublished": "2016-12-20T05:54:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:57:47.323Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7268 (GCVE-0-2016-7268)

    Vulnerability from nvd – Published: 2016-12-20 05:54 – Updated: 2024-08-06 01:57
    VLAI
    Summary
    Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/bid/94672 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1037441 vdb-entryx_refsource_SECTRACK
    Date Public
    2016-12-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:57:47.076Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MS16-148",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
              },
              {
                "name": "94672",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94672"
              },
              {
                "name": "1037441",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037441"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-12-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "MS16-148",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
            },
            {
              "name": "94672",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94672"
            },
            {
              "name": "1037441",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1037441"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2016-7268",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MS16-148",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
                },
                {
                  "name": "94672",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94672"
                },
                {
                  "name": "1037441",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1037441"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2016-7268",
        "datePublished": "2016-12-20T05:54:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:57:47.076Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7233 (GCVE-0-2016-7233)

    Vulnerability from nvd – Published: 2016-11-10 06:16 – Updated: 2024-08-06 01:57
    VLAI
    Summary
    Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.verisign.com/en_US/security-services/… third-party-advisoryx_refsource_IDEFENSE
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/bid/94031 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1037246 vdb-entryx_refsource_SECTRACK
    Date Public
    2016-11-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:57:47.600Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20161108 Microsoft Office Out-of-Bounds Read Information Leak Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232"
              },
              {
                "name": "MS16-133",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
              },
              {
                "name": "94031",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94031"
              },
              {
                "name": "1037246",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037246"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-11-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "20161108 Microsoft Office Out-of-Bounds Read Information Leak Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232"
            },
            {
              "name": "MS16-133",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
            },
            {
              "name": "94031",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94031"
            },
            {
              "name": "1037246",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1037246"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2016-7233",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20161108 Microsoft Office Out-of-Bounds Read Information Leak Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232"
                },
                {
                  "name": "MS16-133",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
                },
                {
                  "name": "94031",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94031"
                },
                {
                  "name": "1037246",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1037246"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2016-7233",
        "datePublished": "2016-11-10T06:16:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:57:47.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7193 (GCVE-0-2016-7193)

    Vulnerability from nvd – Published: 2016-10-14 01:00 – Updated: 2025-10-21 23:55
    VLAI CISA KEVIntel
    Summary
    Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Date Public
    2016-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:50:47.546Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "93372",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93372"
              },
              {
                "name": "MS16-121",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121"
              },
              {
                "name": "1036984",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036984"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-7193",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T14:03:53.430430Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7193"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:55:49.146Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7193"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-03T00:00:00.000Z",
                "value": "CVE-2016-7193 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "93372",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93372"
            },
            {
              "name": "MS16-121",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121"
            },
            {
              "name": "1036984",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036984"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2016-7193",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "93372",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93372"
                },
                {
                  "name": "MS16-121",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-121"
                },
                {
                  "name": "1036984",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036984"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2016-7193",
        "datePublished": "2016-10-14T01:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:55:49.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7182 (GCVE-0-2016-7182)

    Vulnerability from nvd – Published: 2016-10-14 01:00 – Updated: 2024-08-06 01:50
    VLAI
    Summary
    The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka "True Type Font Parsing Elevation of Privilege Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036988 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/93395 vdb-entryx_refsource_BID
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    Date Public
    2016-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:50:47.584Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036988",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036988"
              },
              {
                "name": "93395",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93395"
              },
              {
                "name": "MS16-120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka \"True Type Font Parsing Elevation of Privilege Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1036988",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036988"
            },
            {
              "name": "93395",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93395"
            },
            {
              "name": "MS16-120",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2016-7182",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka \"True Type Font Parsing Elevation of Privilege Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036988",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036988"
                },
                {
                  "name": "93395",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93395"
                },
                {
                  "name": "MS16-120",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2016-7182",
        "datePublished": "2016-10-14T01:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:50:47.584Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3396 (GCVE-0-2016-3396)

    Vulnerability from nvd – Published: 2016-10-14 01:00 – Updated: 2024-08-05 23:56
    VLAI
    Summary
    Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "GDI+ Remote Code Execution Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036988 vdb-entryx_refsource_SECTRACK
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/bid/93380 vdb-entryx_refsource_BID
    Date Public
    2016-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:56:13.298Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036988",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036988"
              },
              {
                "name": "MS16-120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
              },
              {
                "name": "93380",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93380"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka \"GDI+ Remote Code Execution Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1036988",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036988"
            },
            {
              "name": "MS16-120",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
            },
            {
              "name": "93380",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93380"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2016-3396",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka \"GDI+ Remote Code Execution Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036988",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036988"
                },
                {
                  "name": "MS16-120",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
                },
                {
                  "name": "93380",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93380"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2016-3396",
        "datePublished": "2016-10-14T01:00:00.000Z",
        "dateReserved": "2016-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:56:13.298Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3263 (GCVE-0-2016-3263)

    Vulnerability from nvd – Published: 2016-10-14 01:00 – Updated: 2024-08-05 23:47
    VLAI
    Summary
    Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3262.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036988 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/93394 vdb-entryx_refsource_BID
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    Date Public
    2016-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:47:58.390Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036988",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036988"
              },
              {
                "name": "93394",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93394"
              },
              {
                "name": "MS16-120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"GDI+ Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-3262."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1036988",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036988"
            },
            {
              "name": "93394",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93394"
            },
            {
              "name": "MS16-120",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2016-3263",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"GDI+ Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-3262."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036988",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036988"
                },
                {
                  "name": "93394",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93394"
                },
                {
                  "name": "MS16-120",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2016-3263",
        "datePublished": "2016-10-14T01:00:00.000Z",
        "dateReserved": "2016-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:47:58.390Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3262 (GCVE-0-2016-3262)

    Vulnerability from nvd – Published: 2016-10-14 01:00 – Updated: 2024-08-05 23:47
    VLAI
    Summary
    Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3263.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036988 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/93390 vdb-entryx_refsource_BID
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    Date Public
    2016-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:47:58.437Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036988",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036988"
              },
              {
                "name": "93390",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93390"
              },
              {
                "name": "MS16-120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"GDI+ Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-3263."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1036988",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036988"
            },
            {
              "name": "93390",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93390"
            },
            {
              "name": "MS16-120",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2016-3262",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"GDI+ Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-3263."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036988",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036988"
                },
                {
                  "name": "93390",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93390"
                },
                {
                  "name": "MS16-120",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2016-3262",
        "datePublished": "2016-10-14T01:00:00.000Z",
        "dateReserved": "2016-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:47:58.437Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3209 (GCVE-0-2016-3209)

    Vulnerability from nvd – Published: 2016-10-14 01:00 – Updated: 2024-08-05 23:47
    VLAI
    Summary
    Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036988 vdb-entryx_refsource_SECTRACK
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/bid/93385 vdb-entryx_refsource_BID
    Date Public
    2016-10-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:47:59.152Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036988",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036988"
              },
              {
                "name": "MS16-120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
              },
              {
                "name": "93385",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93385"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-10-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"True Type Font Parsing Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1036988",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036988"
            },
            {
              "name": "MS16-120",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
            },
            {
              "name": "93385",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93385"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2016-3209",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"True Type Font Parsing Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036988",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036988"
                },
                {
                  "name": "MS16-120",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
                },
                {
                  "name": "93385",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93385"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2016-3209",
        "datePublished": "2016-10-14T01:00:00.000Z",
        "dateReserved": "2016-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:47:59.152Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }