Microsoft Office 2013 RT Service Pack 1

CPE Details

Microsoft Office 2013 RT Service Pack 1
microsoft
office
2013_rt
2018-05-14
15h38 +00:00
2021-05-18
15h48 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:microsoft:office:2013_rt:sp1:*:*:*:*:*:*

Informations

Vendor

microsoft

Product

office

Version

2013_rt

Update

sp1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-36896 2023-08-08 17h08 +00:00 Microsoft Excel Remote Code Execution Vulnerability
7.8
High
CVE-2023-36895 2023-08-08 17h08 +00:00 Microsoft Outlook Remote Code Execution Vulnerability
7.8
High
CVE-2022-26901 2022-04-15 17h05 +00:00 Microsoft Excel Remote Code Execution Vulnerability
7.8
High
CVE-2022-22003 2022-02-09 15h36 +00:00 Microsoft Office Graphics Remote Code Execution Vulnerability
7.8
High
CVE-2021-43255 2021-12-15 13h15 +00:00 Microsoft Office Trust Center Spoofing Vulnerability
5.5
Medium
CVE-2021-42293 2021-12-15 13h14 +00:00 Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability
6.5
Medium
CVE-2021-40454 2021-10-12 22h26 +00:00 Rich Text Edit Control Information Disclosure Vulnerability
5.5
Medium
CVE-2018-1028 2018-04-11 23h00 +00:00 A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.
8.8
High
CVE-2007-3282 2007-06-19 20h00 +00:00 Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method.
7.8
CVE-2007-3109 2007-06-07 19h00 +00:00 The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO.
6.4
CVE-2006-1311 2007-02-13 19h00 +00:00 The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.
9.3
CVE-2006-4694 2006-09-27 17h00 +00:00 Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
9.3
CVE-2006-1540 2006-03-30 09h00 +00:00 MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll; (2) an Excel .xlw document, which triggers an access violation in excel.exe; (3) a Word document, which triggers an access violation in mso.dll in winword.exe; and (4) a PowerPoint document, which triggers an access violation in powerpnt.txt. NOTE: after the initial disclosure, this issue was demonstrated by triggering an integer overflow using an inconsistent size for a Unicode "Sheet Name" string.
9.3
CVE-2005-2127 2005-08-19 02h00 +00:00 Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."
7.5
CVE-2004-0848 2005-02-08 04h00 +00:00 Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.
7.5
CVE-1999-0794 2000-01-04 04h00 +00:00 Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.
4.6