415 matches found
CVE-2011-1988
Microsoft Excel heap memory corruption vulnerability (MS11-072) tied to parsing BIFF2 records in Excel files can allow remote code execution. Affected products include Excel 2003 SP3, 2007 SP2, Office 2007 SP2, Office for Mac variants, Open XML Converter for Mac, Excel Viewer SP2, and related Mac...
CVE-2013-1315
CVE-2013-1315 is a remote code execution/memory corruption vulnerability affecting Microsoft Office components. The public records identify affected products as Microsoft SharePoint Server 2007 SP3, 2010 SP1/SP2, 2013; Office Web Apps 2010; Excel 2003 SP3/2007 SP3/2010 SP1/SP2/2013/2013 RT; Offic...
CVE-2020-0652
CVE-2020-0652 is a remote code execution vulnerability in Microsoft Office caused by improper handling of memory objects. The NVD entry lists a CVSSv3.1 vector of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H with a base score of 7.8 (HIGH), indicating a local exploit requiring user interaction an...
CVE-2021-31175
CVE-2021-31175 is a Microsoft Office/Excel remote code execution vulnerability described as a Microsoft Office Remote Code Execution Vulnerability. Connection documents confirm it is part of a set of Office/Excel remote code execution vulnerabilities addressed by May 2021 security updates (e.g., ...
CVE-2019-1263
CVE-2019-1263 — Microsoft Excel Information Disclosure . The connected Nessus/Office update docs confirm an information disclosure in Excel where memory contents may be exposed. The vulnerability is tied to Excel's handling of in-memory objects, enabling potential leakage of sensitive data. The O...
CVE-2023-36037
CVE-2023-36037 is a Microsoft Excel security feature bypass vulnerability. Public sources label it as a high-severity, local-access issue with high impact to confidentiality, integrity, and availability (CVSSv3.1: AV=L, AC=L, PR=None, UI=Required, S=U, C/H/I/A=H). Exploitation status is not discl...
CVE-2004-0200
CVE-2004-0200 is a buffer-overflow vulnerability in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll). The flaw allows remote code execution when a specially crafted JPEG image is processed, with the attack vector involving JPEG data that is mis-sized during a memory copy. The vulnerability...
CVE-2012-2543
CVE-2012-2543 is a stack-based buffer overflow in Microsoft Excel components (Windows: Excel 2007 SP2/SP3, Excel 2010 SP1; Mac: Office 2011; Excel Viewer; Office Compatibility Pack SP2/SP3). The vulnerability arises while handling crafted spreadsheets, enabling remote code execution. Connected so...
CVE-2020-1496
CVE-2020-1496 is a Microsoft Excel remote code execution vulnerability where the app fails to properly handle objects in memory. The issue allows an attacker to run arbitrary code in the context of the current user, with higher impact if the user has administrative rights. Exploitation requires a...
CVE-2020-17125
CVE-2020-17125 is a Microsoft Excel Remote Code Execution vulnerability. The connected Nessus/Excel update references confirm: exploit requires a user, local access, and a specially crafted Excel file can trigger arbitrary code execution on affected Office/Excel builds. Remediation is available v...
CVE-2009-3130
CVE-2009-3130 corresponds to the Excel Document Parsing Heap Overflow vulnerability. Affected software includes Microsoft Office Excel 2002 SP3, Excel 2003 and newer on Windows via BIFF parsing, and Office for Mac variants plus the Open XML File Format Converter for Mac. The root cause is imprope...
CVE-2020-17129
CVE-2020-17129 is a Microsoft Excel remote code execution vulnerability documented in multiple sources linked to the December 2020 Excel security updates. The Nessus plugin groups this CVE with other Excel RCE flaws and notes that affected Office/Excel products were missing security updates, impl...
CVE-2022-22716
CVE-2022-22716 affects Microsoft Excel (part of Office) with an information-disclosure vulnerability. Publicly documented impact is disclosure of potentially sensitive information. Microsoft and third-party advisories reference Excel-specific fixes in February 2022 security updates (e.g., KB50021...
CVE-2021-1713
CVE-2021-1713 corresponds to a Microsoft Excel remote code execution vulnerability affecting Office/Excel products. The connected documents confirm multiple Office-related CVEs in January 2021 (CVE-2021-1713 among others) with Microsoft security updates issued in that period. The provided sources...
CVE-2021-31178
CVE-2021-31178 is described in the connected documents as an information-disclosure vulnerability in Microsoft Office. The Nessus/OpenVAS entries reference this CVE as part of the Office May 2021 vulnerability set and note affected products (Office/Excel) and the need for security updates, listin...
CVE-2011-0097
CVE-2011-0097 is a Microsoft Excel integer-overflow in the 400h substream parsing that can trigger a stack-based buffer overflow and remote code execution. Affected are Excel on Windows (2002 SP3/2003 SP3/2007 SP2/2010) and Mac variants, plus related File Format converters/viewers. The vulnerabil...
CVE-2012-0141
CVE-2012-0141 affects Microsoft Excel and related Office components across Windows and Mac platforms (Excel 2003 SP3, 2007 SP2/SP3, 2010 SP1/Gold, Office 2011 for Mac, Excel Viewer, Office Compatibility Pack). The root cause is memory corruption during parsing/opening specially crafted Excel/RTF ...
CVE-2020-1494
CVE-2020-1494 details (Excel RCE): Microsoft Excel contains a remote code execution vulnerability due to improper handling of in-memory objects. An attacker can run arbitrary code in the context of the current user, potentially taking control of the system if the user has administrative rights. E...
CVE-2025-21362
CVE-2025-21362 is Microsoft Excel remote code execution vulnerability. Connected CNVD-2025-02966 describes it as a Microsoft Excel resource management error that could allow an attacker to remotely execute code. Public references indicate Microsoft released January 2025 security updates (KB500267...
CVE-2012-1885
CVE-2012-1885 is a heap-based buffer overflow in Microsoft Excel components that affects Excel 2003 SP3, 2007 SP2/SP3, 2010 SP1, Office for Mac 2008/2011, and Office Compatibility Pack SP2/SP3. The root cause is a SerAuxErrBar heap overflow triggered by processing a crafted spreadsheet, enabling ...
CVE-2013-3158
CVE-2013-3158 affects Microsoft Excel 2003 SP3 and 2007 SP3, where memory corruption in parsing crafted Office documents can lead to remote code execution or denial of service. Root cause is memory corruption within Excel’s handling of Office file content. Exploitation details are not provided in...
CVE-2020-0906
Microsoft Excel contains a remote code execution vulnerability (CVE-2020-0906) where the application fails to properly handle objects in memory, allowing code to run in the attacker’s context. The Nessus updates describe Excel-specific RCEs and note that Office products were missing updates as of...
CVE-2020-17127
CVE-2020-17127 is a Microsoft Excel remote code execution vulnerability associated with the December 2020 Excel security updates. Affected product: Microsoft Excel (Office). The provided documents confirm Excel RCEs across multiple CVEs (including 17127) and that patches were released in December...
CVE-2012-0143
CVE-2012-0143 affects Microsoft Excel 2003 SP3 and Office 2008 for Mac, where memory corruption during file opening can allow remote code execution via a crafted spreadsheet. The vulnerability is part of a family including CVE-2012-0141/0142/0143/0143/0184 (and related) affecting Office component...
CVE-2011-1273
Microsoft Excel (Windows: 2002/2003/2007/2010; Mac: 2004/2008/2011; Open XML Converter for Mac; Excel Viewer; Office Compatibility Pack) is affected by CVE-2011-1273 due to improper validation/parsing of Excel records. Multiple advisories attribute the issue to parsing errors (record-type handlin...
CVE-2020-1495
CVE-2020-1495 (Microsoft Excel) : A remote code execution via memory corruption in Excel occurs when the application fails to correctly handle objects in memory. An attacker who can lure a user to open a specially crafted Excel file (e.g., via email or a website) could execute arbitrary code in t...
CVE-2021-31174
CVE-2021-31174 is a Microsoft Excel information-disclosure vulnerability. The CVSSv3.1 base score is 5.5 (MEDIUM) with LOCAL attack vector, LOW attack complexity, and HIGH confidentiality impact (I:N, C:H, A:N). Public references in the connected documents indicate this CVE is addressed by the Ex...
CVE-2024-30042
CVE-2024-30042 affects Microsoft Excel (Office suite). The vulnerability enables remote code execution via a crafted file, with a local attack vector and requires user interaction. The CVSS v3.1 base score is 7.8 (HIGH), with confidentiality, integrity, and availability impacts all high; attack v...
CVE-2017-8631
CVE-2017-8744 is a remote code execution in Microsoft Office components caused by improper handling of in-memory objects, leading to memory corruption. Documented affected software includes Excel Services and Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, as well as related Office Web...
CVE-2020-0759
CVE-2020-0759 is a Microsoft Excel remote code execution vulnerability. The provided sources consistently describe a flaw where Excel mismanages in‑memory objects, enabling an attacker to execute arbitrary code in the context of the current user. The entry is linked to Microsoft Excel/Office, wit...
CVE-2021-40472
CVE-2021-40472 is an information-disclosure vulnerability in Microsoft Excel. The NVD entry lists CVSS v3.1 impact: confidentiality HIGH with LOCAL attack vector, low complexity, and no user interaction (base score 5.5). CVSS v2.0 reflects a lower base score (2.1). The connected documents confirm...
CVE-2021-38660
CVE-2021-38660 is a Microsoft Office graphics remote code execution vulnerability. The CVE affects Office components handling graphics (e.g., Excel/Office 2013 era) and is associated with a high impact, allowing code execution, reportedly triggered via Office graphics processing. The incident is ...
CVE-2020-0651
CVE-2020-0651 is a remote code execution vulnerability in Microsoft Excel/Office where memory objects are mishandled, allowing arbitrary code execution in the context of the current user via crafted files. Connected documents corroborate that multiple Excel/Office variants (Windows/macOS) and rel...
CVE-2020-1498
CVE-2020-1498 is a remote code execution vulnerability in Microsoft Excel caused by improper handling of objects in memory. An attacker who can lure a user to open a specially crafted Excel file could execute arbitrary code in the user’s context. If the user has administrative rights, the attacke...
CVE-2021-28451
CVE-2021-28451 is a Microsoft Excel remote code execution vulnerability. Public documentation in the initial record shows CVSS v3.1 base score 7.8 (HIGH) with LOCAL, LOW-C, UI:R, CONSEQUENCES: HIGH for confidentiality, integrity, and availability. The connected Microsoft security advisories indic...
CVE-2019-1331
CVE-2019-1331 is a Microsoft Excel remote code execution vulnerability caused by improper handling of in-memory objects. The Red Hat CVE entries and NVD description identify it as an Excel memory‑handling issue that enables RCE when exploited, with no further exploit details provided in the suppl...
CVE-2020-1224
CVE-2020-1224 describes an information-disclosure vulnerability in Microsoft Excel where memory contents could be improperly disclosed. The issue arises when Excel handles objects in memory, allowing an attacker to craft a document that, if opened by a user, could reveal memory contents and poten...
CVE-2021-34518
CVE-2021-34518 is an Excel Remote Code Execution vulnerability affecting Microsoft Excel/Office. NT/LOCAL exploitability is reported when handling Excel files, with Microsoft patching via the July 2021 security updates (e.g., KB5001977 for Excel 2016). Connected sources also reference Nessus plug...
CVE-2019-1464
CVE-2019-1464 is an information disclosure vulnerability in Microsoft Excel where memory contents can be improperly disclosed. The Red Hat entry and Nessus/OpenVAS advisories corroborate that Excel (Office) memory handling flaws enable exposure of user data. The concrete impact stated is informat...
CVE-2020-17126
CVE-2020-17126 is identified as a Microsoft Excel Information Disclosure Vulnerability. The primary entry (NVD/NIST) classifies it under an information disclosure issue with a CVSS v3.1 base score of 5.5 (local access, low privileges, high confidentiality impact; no integrity/availability impact ...
CVE-2025-26642
CVE-2025-26642 is a Microsoft Office remote code execution vulnerability (out-of-bounds read) that allows a local attacker to run code on the victim’s machine. Public details in connected documents indicate the issue affects Office components (e.g., Excel) and can be triggered via crafted inputs ...
CVE-2017-11878
CVE-2017-11878 affects multiple Microsoft Excel/Office components (Excel 2007 SP3, 2017-era Excel/Viewer and Office Compatibility Pack SP3). The vulnerability arises from improper handling of objects in memory, leading to memory corruption that can allow an attacker to execute arbitrary code in t...
CVE-2021-28456
CVE-2021-28456 is a Microsoft Excel information disclosure vulnerability. The CVE is linked to Excel components and is reported in multiple sources as part of a family of vulnerabilities affecting Excel and Office products (e.g., CVE-2021-28449, CVE-2021-28451, CVE-2021-28454). The connected docu...
CVE-2022-41063
CVE-2022-41063 is a Microsoft Excel remote code execution vulnerability. The connected documents confirm Excel as the affected product and cite a remote code execution issue, with the NVD entry providing a CVSSv3.1 score of 7.8 (HIGH) and a Local attack vector with User Interaction required. The ...
CVE-2019-0828
CVE-2019-0828 is a Microsoft Excel remote code execution vulnerability caused by improper handling of memory objects in Excel. The Red Hat advisory and openvas/nessus entries confirm Excel (Office) is affected; the issue can allow remote code execution with the current user’s privileges, potentia...
CVE-2022-41106
CVE-2022-41106 is a Microsoft Excel Remote Code Execution vulnerability. Public details in connected docs describe Excel/Office components as affected and indicate that security updates exist. Remediation in public docs includes security updates: KB5002253 for Excel 2016 (and related Office insta...
CVE-2020-1594
CVE-2020-1594 is a remote-code-execution vulnerability in Microsoft Excel caused by improper handling of in-memory objects. Exploitation requires a user to open a specially crafted Excel file; code could run with the current user’s privileges, and if that user has admin rights, full control of th...
CVE-2022-41104
Technical details about CVE-2022-41104 are not publicly provided in the supplied documents. Monitor for updates from official advisories; current sources only confirm a security feature bypass in Microsoft Excel without specifics.
CVE-2020-1335
CVE-2020-1335 is a Microsoft Excel remote code execution vulnerability caused by improper handling of memory objects. An attacker could run arbitrary code in the user’s context, potentially taking full control if the user has admin rights. Exploitation requires the user to open a specially crafte...
CVE-2017-11877
CVE-2017-11877 describes a security feature bypass in Microsoft Excel where macro settings were not enforced on a document, potentially allowing macros to run when they should be blocked. Connected MS KB update notes show the issue affects Excel 2016 (and related Excel entry points) and can be mi...