Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Microsoft Office
Опубликовано:14 января 2015 г.
Источник:
SecurityVulns ID:14212
Тип:клиент
Уровень опасности:
8/10
Описание:Повреждения памяти, переполнение индекса массива, использование памяти после освобождения, неинициализированные указатели.
Затронутые продукты:MICROSOFT : Office 2007
 MICROSOFT : Office 2012
 MICROSOFT : Office 2010
 MICROSOFT : Office 2013
CVE:CVE-2014-6364 (Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; 2013 Gold, SP1, and SP2; and 2013 RT Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability.")
 CVE-2014-6361 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Excel Invalid Pointer Remote Code Execution Vulnerability.")
 CVE-2014-6360 (Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Global Free Remote Code Execution in Excel Vulnerability.")
 CVE-2014-6357 (Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 Gold and SP1, Office 2013 RT Gold and SP1, Office for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 Gold and SP1, and Office Web Apps 2010 SP2 and 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Use After Free Word Remote Code Execution Vulnerability.")
 CVE-2014-6356 (Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Invalid Index Remote Code Execution Vulnerability.")
Файлы: Microsoft Security Bulletin MS14-081 - Critical Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301)
  Microsoft Security Bulletin MS14-082 - Important Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)
  Microsoft Security Bulletin MS14-083 - Important Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород