Msrc Microsoft Office 2019 vulnerabilities

CVE-2023-38545 [CRITICAL] CWE-122 Hackerone: CVE-2023-38545 SOCKS5 heap buffer overflow Hackerone: CVE-2023-38545 SOCKS5 heap buffer overflow FAQ: 1. When will an update be available to address this vulnerability? UPDATE: Microsoft has included version 8.4.0 of curl.exe in Windows updates released on November 14, 2023 for currently supported, on-premise versions of Windows clients and servers. See the Security Updates table in this CVE for the applicable Windows update KB numbers. Windows secur

CVE-2023-24910 [HIGH] CWE-476 Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit

CVE-2023-21716 [CRITICAL] CWE-190 Microsoft Word Remote Code Execution Vulnerability Microsoft Word Remote Code Execution Vulnerability FAQ: What is the attack vector for this vulnerability? An unauthenticated attacker could send a malicious e-mail containing an RTF payload that would allow them to gain access to execute commands within the application used to open the malicious file. FAQ: Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector.

CVE-2022-26934 [MEDIUM] Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability require

CVE-2022-21840 [HIGH] Microsoft Office Remote Code Execution Vulnerability Microsoft Office Remote Code Execution Vulnerability FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit

CVE-2021-40454 [MEDIUM] Rich Text Edit Control Information Disclosure Vulnerability Rich Text Edit Control Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker that successfully exploited this vulnerability could recover cleartext passwords from memory. Rich Text Edit Control: Rich Text Edit Control Microsoft: Microsoft Impact: Information Disclosure Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release

CVE-2021-28455 [HIGH] Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. FAQ: How do the security updates address this vulnerability? The security updates address the vulnerability by providing the ability to configure the Jet Red Data

CVE-2021-28453 [HIGH] Microsoft Word Remote Code Execution Vulnerability Microsoft Word Remote Code Execution Vulnerability FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Microsoft Office Word: Microsoft Office Word Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Refere

CVE-2021-27054 [HIGH] Microsoft Excel Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. FAQ: Are the updates for the Microsoft Office 2019 for Mac currently available? The security update for Microsoft Office 2019 for Mac is not immediately available. The update will be released as soon as possible, and when it is available, customers will be not

CVE-2021-27057 [HIGH] Microsoft Office Remote Code Execution Vulnerability Microsoft Office Remote Code Execution Vulnerability FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? A user needs to be tricked into running malicious files. FAQ: Are the updates for the Microsoft Office 2019 for Mac currently available? The

CVE-2021-1715 [HIGH] Microsoft Word Remote Code Execution Vulnerability Microsoft Word Remote Code Execution Vulnerability FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Microsoft Office: Microsoft Office Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Li

CVE-2021-1716 [HIGH] Microsoft Word Remote Code Execution Vulnerability Microsoft Word Remote Code Execution Vulnerability FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Microsoft Office: Microsoft Office Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Li

CVE-2021-1714 [HIGH] Microsoft Excel Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Microsoft Office: Microsoft Office Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less

CVE-2020-16929 [HIGH] Microsoft Excel Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the aff

CVE-2020-1335 [HIGH] Microsoft Excel Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affe

CVE-2020-1218 [HIGH] Microsoft Word Remote Code Execution Vulnerability Microsoft Word Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with

CVE-2020-1495 [HIGH] Microsoft Excel Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affe

CVE-2020-1583 [HIGH] Microsoft Word Information Disclosure Vulnerability Microsoft Word Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker mus

CVE-2020-1503 [MEDIUM] Microsoft Word Information Disclosure Vulnerability Microsoft Word Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker m

CVE-2020-1342 [MEDIUM] Microsoft Office Information Disclosure Vulnerability Microsoft Office Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory. Exploitation of the vulnerability requires that a user open a specially crafted fil