Lucene search
Mat Powell of Trend Micro Zero Day InitiativeZDI-22-1598HistoryNov 21, 2022 - 12:00 a.m.
Microsoft Excel FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2022-11-2100:00:00
Mat Powell of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
7
microsoft excel
fbx file parsing
out-of-bounds read
information disclosure
vulnerability
remote attackers
sensitive information
user interaction
malicious file
parsing
crafted data
allocated buffer
arbitrary code
0.004 Low
EPSS
Percentile
73.1%
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. Crafted data in a FBX file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Related
mscve
mscve
Microsoft Office Graphics Remote Code Execution Vulnerability
2022-11-08 08:00:00
zdi
zdi
cvelist
cvelist
CVE-2022-41107 Microsoft Office Graphics Remote Code Execution Vulnerability
2022-11-09 00:00:00
nvd
nvd
CVE-2022-41107
2022-11-09 22:15:23
cve
cve
CVE-2022-41107
2022-11-09 22:15:23
prion
prion
Remote code execution
2022-11-09 22:15:00
nessus
nessus
Security Updates for Microsoft Office Products C2R (November 2022)
2022-11-28 00:00:00
Security Updates for Microsoft Office Products (Nov 2022) (macOS)
2022-12-19 00:00:00
openvas
openvas
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Nov 2022)
2022-11-09 00:00:00
kaspersky
kaspersky
KLA20044 Multiple vulnerabilities in Microsoft Office
2022-11-08 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - November 2022
2022-11-08 20:02:57