Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Office multiple security vulnerabilities
Published:13.11.2013
Source:
SecurityVulns ID:13399
Type:client
Threat Level:
7/10
Description:Buffer overflow and memory corruption in Microsoft Word, memory corruption on WPD parsing, Outlook information leakage.
Affected:MICROSOFT : Office 2003
 MICROSOFT : Office 2007
 MICROSOFT : Office 2010
 MICROSOFT : Office 2013
CVE:CVE-2013-3905 (Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message, aka "S/MIME AIA Vulnerability.")
 CVE-2013-1325 (Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Heap Overwrite Vulnerability.")
 CVE-2013-1324 (Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Stack Buffer Overwrite Vulnerability.")
 CVE-2013-0082 (Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "WPD File Format Memory Corruption Vulnerability.")
Files:Microsoft Security Bulletin MS13-091 - Important Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)
 Microsoft Security Bulletin MS13-094 - Important Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod