499 matches found
CVE-2023-23397
CVE-2023-23397 is an Elevation of Privilege in Microsoft Outlook for Windows. Multiple connected sources describe exploitation via Outlook calendar reminders using a UNC path in the MAPI property PidLidReminderFileParameter, causing the victim to contact an attacker-controlled SMB share and leak ...
CVE-2021-42292
CVE-2021-42292 is a Microsoft Excel Security Feature Bypass vulnerability in Microsoft Excel that enables local privilege bypass (local access required). The vulnerability is documented across multiple feeds, with patched fixes provided by Microsoft via Patch Tuesday advisories. Connected sources...
CVE-2023-28295
CVE-2023-28295 is a Microsoft Publisher remote code execution vulnerability affecting Publisher components (notably Publisher 2013) with a CVSS v3.1 base score of 7.8 (HIGH) and LOCAL attack vector, requiring user interaction. The issue is addressed by Microsoft security updates (e.g., KB5002213 ...
CVE-2021-38646
CVE-2021-38646 is a Microsoft Office Access Connectivity Engine remote code execution vulnerability. The Nessus plugin confirms it affects Office products via the Access connectivity engine and ties remediation to September 2021 Office security updates (e.g., KB5001958 for Office 2013 and KB50019...
CVE-2024-21413
Summary of CVE-2024-21413 (Microsoft Outlook / Moniker Link): A vulnerability in Outlook where crafted Moniker Link URLs (often via file:///UNC paths) can trigger an automatic SMB access, potentially leaking the userās NTLM hash to an attacker. Multiple PoCs on GitHub demonstrate delivering malic...
CVE-2023-21715
CVE-2023-21715 is a Microsoft Publisher security feature bypass vulnerability affecting Microsoft 365 Apps for Enterprise. Exploitation allows a specially crafted document to bypass macro defenses and run code that would normally be blocked by policy; the attack is described as local with authent...
CVE-2023-36761
CVE-2023-36761 is a Microsoft Word information disclosure vulnerability. Connected sources note exploitation in the wild and indicate NTLM relay as a possible attack outcome. Affected products include various Word/Office deployments (Microsoft Word/Office suite). The vulnerability is being tracke...
CVE-2023-35311
Technical details about CVE-2023-35311 are not publicly available in the provided connected documents. The sources confirm a Microsoft Outlook security feature bypass but do not specify root cause, affected versions, or fixes. Monitor for updates.
CVE-2023-36762
CVE-2023-36762 is a Microsoft Word remote code execution vulnerability. The available documents confirm an impact on Word and related Word components, with an exploit path requiring user interaction and local access (CVSS 3.1: AV=L, AC=L, PR=None, UI=Required, C/H/I/H/A=L). Public details note po...
CVE-2024-38200
CVE-2024-38200 affects Microsoft Office (e.g., Office 2019 MSO Build 1808; Microsoft 365 MSO 2403/16.0.17425.20176) where Office URI schemes (eg, ms-word:ofe|u|http://ā¦) trigger automatic NTLM authentication. The underlying issue is the Office URI handling that can fetch remote documents and caus...
CVE-2023-36767
CVE-2023-36767 is a Microsoft Office security feature bypass vulnerability (CVSS v3.1 base 4.3, MEDIUM) affecting Office components across platforms. The available connected docs describe the issue as a security feature bypass with impact of circumvention of security measures (Office Excel noted ...
CVE-2025-59240
CVE-2025-59240 is an information-disclosure vulnerability in Microsoft Excel (Office) due to improper authorization validation that can allow a local attacker to obtain sensitive data. Connected sources confirm impact across Microsoft Excel products (including various Office/Excel editions and 20...
CVE-2023-36763
CVE-2023-36763 is a Microsoft Outlook information disclosure vulnerability. Public documentation identifies it as affecting Outlook 2016 (KB5002499) and related Office/Outlook components; severity is high (CVSSv3.1: 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The vulnerability orig...
CVE-2026-21509
CVE-2026-21509 is a Microsoft Office security feature bypass triggered by reliance on untrusted inputs in a security decision, enabling a local attacker to bypass OLE protections after a user opens a crafted document. Affected products include Office 2016, 2019, LTSC 2021/2024 and Microsoft 365 A...
CVE-2023-36766
CVE-2023-36766 is a Microsoft Excel information-disclosure vulnerability, affecting Excel/Office components. The vulnerability enables information disclosure with a local attack surface and requires user interaction. Public details in connected documents confirm affected products (Microsoft Excel...
CVE-2025-60728
Microsoft Excel (Office) contains an information-disclosure vulnerability: untrusted pointer dereference in Excel could disclose sensitive data over a network (CVE-2025-60728). Exploitation requires network access and user interaction. The provided documents show a Medium-severity CVSS/impact, an...
CVE-2023-41764
CVE-2023-41764 is a Microsoft Office spoofing vulnerability. The connected sources confirm the issue affects Office suites on MSI-based installations (Office 2016) and is addressed by accompanying security updates: KB5002498 (Office 2016, MSI) and related advisories for older Office versions (KB5...
CVE-2023-28287
CVE-2023-28287 is a Microsoft Publisher Remote Code Execution vulnerability affecting Publisher 2013. The public details in the provided documents indicate exploitation could yield a high-impact breach if a user opens a malicious Publisher file, with a CVSS base score of 7.8 (HIGH) and a Local, l...
CVE-2024-21378
The connected document describes a GitHub exploit example for CVE-2024-21378 targeting Microsoft Outlook via Exchange Online. It claims to execute arbitrary code by delivering a malicious COM DLL embedded in a form attachment, loaded into the Outlook process after user interaction in the thick cl...
CVE-2024-38189
CVE-2024-38189 is a remote code execution vulnerability in Microsoft Project. The CVE description and CNNVD/MSRC references indicate an input validation error in Microsoft Project that can allow remote code execution, with a CVSS v3.1 base score of 8.8 (HIGH) and exploitability requiring user int...
CVE-2024-49033
CVE-2024-49033 ā Microsoft Word Security Feature Bypass : A security feature bypass in Word (Office) that can lead to high-impact exposure. The CVSSv3.1 base score is 7.5 (Network, High difficulty, User interaction required). Microsoft has released a security update (KB5002619) for Word 2016 via ...
CVE-2020-16947
CVE-2020-16947 refers to a remote code execution vulnerability in Microsoft Outlook caused by improper handling of objects in memory. The issue can allow arbitrary code execution in the context of the targeted user, with higher impact if the user account has administrative rights. Exploitation re...
CVE-2022-38048
CVE-2022-38048 ā Microsoft Office Remote Code Execution is documented as an Office remote code execution vulnerability. Public sources in the provided documents identify Office components as affected and indicate that exploitation could result in executing arbitrary code on the userās system. Mic...
CVE-2023-36897
CVE-2023-36897 is a spoofing vulnerability in the Visual Studio Tools for Office (VSTO) Runtime. It can allow impersonation of another user and is tied to Office/VSTO deployments. Evidence from multiple sources (MSRC/KB5029497, Nessus plugin, NCSC advisory) indicates the issue affects VSTO runtim...
CVE-2022-24462
CVE-2022-24462 is a Microsoft Word/Office vulnerability described as a Security Feature Bypass. Connected sources also reference CVE-2022-24511 (Word tampering) affecting Word/Office products; several NesĀsus plugins list Word and Office components, with March 2022 updates addressing multiple Off...
CVE-2025-21381
CVE-2025-21381 is a Microsoft Excel remote code execution vulnerability affecting Excel 2016 (KB5002687) and related Office Excel components. Public references indicate an RCE path via Excel, with the initial entry listing Excel as the affected product and the security update KB5002687 fixing it....
CVE-2024-20677
CVE-2024-20677 is a Microsoft Office RCE vulnerability tied to inserting FBX 3D files. MS mitigation disables the FBX insertion feature in Word, Excel, PowerPoint and Outlook on Windows and Mac; affected Office versions (Office 2019, 2021, Office LTSC for Mac 2021, Microsoft 365) lose the ability...
CVE-2022-24510
CVE-2022-24510 affects Microsoft Office Visio and is described as a remote code execution vulnerability. NVD reports base scores of 6.8 (CVSS2.0) and 7.8 (CVSS3.1) with impact on confidentiality, integrity, and availability. The CVSS3.1 vector indicates a local exploit with user interaction requi...
CVE-2024-21379
CVE-2024-21379 is a Microsoft Word remote code execution vulnerability. The entry concerns Word (notably Word 2016) and is documented with a CVSS v3.1 base score of 7.8 (High) with a local attack vector, low attack complexity, and requiring user interaction; impact is high on confidentiality, int...
CVE-2023-23399
The CVE-2023-23399 vulnerability affects Microsoft Excel (Office/Excel) and is described as a remote code execution vulnerability. Exploit-DB reports a case for Microsoft Excel 365 MSO (64-bit) v2302 build 16.0.16130.20186 with RCE via a specially crafted file, illustrating a crafted-file attack ...
CVE-2024-26199
CVE-2024-26199 is an Office elevation-of-privilege vulnerability affecting Microsoft Office products (notably Office in Office 365/Click-to-Run and related Office components). Descriptions in multiple sources indicate a privilege-escalation flaw that could grant SYSTEM-level privileges; CVSSv3.1 ...
CVE-2022-34717
CVE-2022-34717 is a Microsoft Office remote code execution vulnerability with impact on Office products such as 2013/2016 and Office 365 (Click-to-Run). The CVSSv3.1 base vector is NETWORK, with HIGH impact on confidentiality, integrity, and availability; attacker needs user interaction. The root...
CVE-2022-24511
Technical details about CVE-2022-24511 are not publicly provided in the connected documents. Monitor for updates from official advisories.
CVE-2021-28455
Technical details about CVE-2021-28455 (affected components, root cause, impact, and fixes) are not publicly provided in the supplied documents; monitor for updates.
CVE-2022-24461
CVE-2022-24461 affects Microsoft Office Visio, with a boundary/EMF processing flaw in EMR_COMMENT_EMFPLUS records that allows remote code execution. Public metadata reports a high-severity impact (CVSSv3.1: Local, Low/None Privilege, UI Required, with High Confidentiality, Integrity, and Availabi...
CVE-2024-21384
CVE-2024-21384 refers to a remote code execution vulnerability in Microsoft Office OneNote. Multiple sources (NVD/CNVD) describe an attacker abusing OneNote to run arbitrary code on a vulnerable system, with the documented impact of full code execution. The CVSS v3.1 vector in the initial documen...
CVE-2022-26901
Technical details are not provided in the supplied documents. No affected products, versions, root cause, impact, or fixes are listed here. Monitor official advisories for updates.
CVE-2021-31941
CVE-2021-31941 is described as a Microsoft Office Graphics Remote Code Execution vulnerability. Public records show it as HIGH severity (CVSS3.1 base 7.8) with a LOCAL attack vector and user interaction required; the OpenVAS/Nessus entries reference Microsoft Office Graphics/RCE across various Of...
CVE-2022-30174
CVE-2022-30174 is a Microsoft Office Remote Code Execution vulnerability. Public records (NVD, MSRC, and related feeds) describe it as affecting Microsoft Office/Office components (e.g., Excel, SharePoint) with a root cause leading to arbitrary code execution. The CVSSv3.1 assessment (vector CVSS...
CVE-2022-33632
CVE-2022-33632 is a Microsoft Office security feature bypass vulnerability affecting Office variants (e.g., 2013/2016 and Click-to-Run Office 365). Root cause: bypass of security features in Office; impact per CVSS indicates high integrity impact but no confidentiality/availability impact, with l...
CVE-2023-29344
CVE-2023-29344 is Microsoft Office Remote Code Execution vulnerability affecting multiple Office products (e.g., Word, Excel, Office suite components) with CVSS v3.1 base score 7.8 (HIGH). The linked sources indicate a "Remote Code Execution" issue and, in the NCSC advisory, list CVE-2023-29344 u...
CVE-2022-22003
CVE-2022-22003 : Microsoft Office Graphics Remote Code Execution Vulnerability. The connected Nessus/NASL data indicate this vulnerability allows execution of arbitrary code via a crafted Office Graphics file, requiring a local user to open a malicious file. Remediation is documented in Microsoft...
CVE-2023-24953
CVE-2023-24953 corresponds to a Microsoft Excel remote code execution vulnerability. Public documents describe impact as the ability to execute arbitrary code in Excel, enabling local or user-initiated exploitation. The vulnerability is addressed by Microsoft security updates for Excel (e.g., KB5...
CVE-2021-40442
CVE-2021-40442 is a Microsoft Excel remote code execution vulnerability. The connected Nessus/NVIDIA sources reiterate that Excel can be exploited to run arbitrary code (RCE) on the target, with exploitation possible via Microsoft Excel/Office components. The vulnerability is addressed by Microso...
CVE-2023-29335
CVE-2023-29335 ā Microsoft Word Security Feature Bypass Vulnerability is documented with concrete remediation in Microsoft Word updates. Affected product: Word (Office). The issue is a security feature bypass (not a traditional memory/remote-code-exec hole) and has a CVSSv3.1 base score of 7.5 (N...
CVE-2023-28311
CVE-2023-28311 affects Microsoft Word and enables local remote code execution when a user opens a specially crafted Word file. Exploitation requires user interaction (opening a file) and the attack is carried out locally via social engineering. Publicly available details indicate there are public...
CVE-2022-24509
CVE-2022-24509 affects Microsoft Office Visio and is described as a Remote Code Execution Vulnerability. The NVD entry lists a CVSSv3.1 base score of 7.8 (HIGH) with local attack vector, user interaction required, and high impact on confidentiality, integrity, and availability; CVSSv2 indicates b...
CVE-2021-34501
CVE-2021-34501 is described as a Microsoft Excel remote code execution vulnerability. Connected materials identify affected products as Excel in multiple Office suites (including 2013/2016 and Office Online Server variants) and indicate that exploitation could allow remote code execution. Public ...
CVE-2021-34452
CVE-2021-34452 is a Microsoft Word remote code execution vulnerability affecting Word/Office components. Documented CVSSv3.1 score 7.8 HIGH with LOCAL attack vector, LOW complexity, NONE privileges, UI interaction required, and HIGH confidentiality/integrity/availability impacts. The vulnerabilit...
CVE-2020-1446
The CVE-2020-1446 entry describes a remote code execution vulnerability in Microsoft Word arising from improper handling of memory objects. The vulnerability affects Microsoft Word and allows an attacker to craft a file that, when opened by a user, could execute actions in the security context of...