Vulnerabilities for Excel web app (...) - CXSECURITY.COM

Vulnerabilities for 'Excel web app'

2020-10-16

CVE-2020-16929

CWE-416

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16930, CVE-2020-16931, CVE-2020-16932.

2017-04-12

CVE-2017-0195

Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."

2015-10-13

CVE-2015-6037

CWE-79

Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka "Microsoft Office Web Apps XSS Spoofing Vulnerability."

2015-05-13

CVE-2015-1682

CWE-119

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, PowerPoint Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, SharePoint Foundation 2010 SP2, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

2011-09-15

CVE-2011-1989

CWE-20

Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability."

>>> Vendor: Microsoft 622 Products

Exchange server

Internet information server

Personal web server

Backoffice resource kit

Terminal server

Java virtual machine

Commercial internet system

Site server commerce

Outlook express

Windows explorer

Data access components

Zero administration kit

Msn setup bulletin board services

Visual interdev

Office converter pack

Systems management server

Virtual machine

Home publishing

Windows media services

Windows messaging

Windows media rights manager

Active movie control

Network monitor

Windows media player

Indexing service

Windows script host

Frontpage server extensions

Windows 2000 terminal services

Commerce server

Xml core services

Msn chat control

Msn messenger service for exchange

Windows 98 plus pack

Microsoft data access components

Metadirectory services

Content management server

Tsac activex control

Office web components

Ie for macintosh

.net windows server

Directx files viewer control

File transfer manager

Baseline security analyzer

Foundation class library

Windows 2003 server

Network firmware

Wordperfect converter

See all Products for Vendor Microsoft

Copyright 2024, cxsecurity.com