6 matches found
CVE-2020-16929
CVE-2020-16929 (Microsoft Excel RCE) is a remote code execution vulnerability caused by improper handling of in-memory objects. Successful exploitation requires a user to open a specially crafted Excel file, via email or web-hosted lure. If the user runs with administrative rights, an attacker co...
CVE-2017-8631
CVE-2017-8744 is a remote code execution in Microsoft Office components caused by improper handling of in-memory objects, leading to memory corruption. Documented affected software includes Excel Services and Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, as well as related Office Web...
CVE-2017-0195
CVE-2017-0195 affects Microsoft SharePoint/Office Web Apps stack (e.g., SharePoint Server, Excel Services, Excel Web Apps, Office Web Apps Server, Office Online Server). The vulnerability enables remote attackers to perform cross-site scripting and to run script with local user privileges via a c...
CVE-2015-1682
Microsoft Office Multiple Remote Code Execution Vulnerabilities (CVE-2015-1682) affect Office/SharePoint components across Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, Word/Excel/PowerPoint/SharePoint-related services, etc. Root cause: memory corruption triggered by processing a crafted...
CVE-2015-6037
CVE-2015-6037 is an XSS vulnerability affecting Microsoft Office Web Apps/Excel Services across SharePoint Server 2010 SP2, SharePoint 2013 SP1, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1 and SharePoint Foundation 2013 SP1. The issue allows remote authenticated users to inject arbitr...
CVE-2011-1989
CVE-2011-1989 corresponds to a vulnerability in Microsoft Excel and related Office components where conditional expressions used for formatting could be parsed incorrectly. A crafted spreadsheet could lead to remote code execution. Affected products include Excel 2003 SP3, 2007 SP2, 2010 SP1, Off...