446 matches found
CVE-2020-1335
CVE-2020-1335 is a Microsoft Excel remote code execution vulnerability caused by improper handling of memory objects. An attacker could run arbitrary code in the user’s context, potentially taking full control if the user has admin rights. Exploitation requires the user to open a specially crafte...
CVE-2025-27751
CVE-2025-27751 is a Microsoft Excel remote code execution vulnerability described as a use-after-free in Excel, enabling an attacker to run code locally. Public materials in the connected set confirm an in-Excel object lifecycle issue is exploited via crafted DOCX payloads to achieve code executi...
CVE-2017-11877
CVE-2017-11877 describes a security feature bypass in Microsoft Excel where macro settings were not enforced on a document, potentially allowing macros to run when they should be blocked. Connected MS KB update notes show the issue affects Excel 2016 (and related Excel entry points) and can be mi...
CVE-2019-1327
CVE-2019-1327 is a remote code execution vulnerability in Microsoft Excel caused by improper handling of objects in memory. The Red Hat records also list CVE-2019-1331 as related, sharing the same underlying issue. Public sources in the provided documents describe the issue but do not include con...
CVE-2019-0669
CVE-2019-0669 is an information-disclosure vulnerability in Microsoft Excel where memory contents can be disclosed when a crafted document is opened. The issue arises from Excel failing to properly isolate or protect memory contents during document processing, enabling an attacker to obtain data ...
CVE-2015-2503
CVE-2015-2503 is an Office Elevation of Privilege vulnerability that can be triggered via a crafted web site loaded in Internet Explorer to bypass sandbox protections and gain privileges. The initial CVE entry lists Microsoft Office 2007–2016 products (Word, Excel, PowerPoint, Access, InfoPath, V...
CVE-2021-43256
CVE-2021-43256 is an Microsoft Excel remote code execution vulnerability. Connected documents confirm the flaw affects Microsoft Excel as part of Office product updates and reference CVE-2021-43256 in December 2021 security updates. The vulnerability is described as enabling remote code execution...
CVE-2015-2520
CVE-2015-2520 affects Microsoft Office components including Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011/2016, Office Compatibility Pack SP3, and Excel Viewer. The root cause is a memory corruption due to improper handling of objects in memory, leading to remote code execution when a crafte...
CVE-2019-1446
CVE-2019-1446 describes an information-disclosure vulnerability in Microsoft Excel/Office where memory contents may be exposed due to improper handling of memory objects. The issue is discussed in connected Nessus/OpenVAS entries tied to November 2019 Office/Excel security updates, indicating aff...
CVE-2017-0020
Technical details for CVE-2017-0020 are not publicly provided in the connected documents. No explicit affected products, root cause, or remediation are described here. Monitor for updates from official advisories and addenda.
CVE-2020-17130
CVE-2020-17130 is a Microsoft Excel Security Feature Bypass vulnerability affecting Excel 2016 (and possibly related C2R/office builds). The incident described in public CVE records indicates a security feature bypass in Excel; the provided documents do not specify the exact vulnerable component ...
CVE-2021-27053
CVE-2021-27053 is a Microsoft Excel remote code execution vulnerability. Multiple connected sources describe it as affecting Microsoft Excel products with a remote code execution flaw that can allow an attacker to bypass authentication and execute arbitrary commands. The issue is discussed across...
CVE-2021-27057
CVE-2021-27057 is a Microsoft Office/Excel remote code execution vulnerability. Public sources describe it as a vulnerability in Microsoft Office/Excel components that can lead to remote code execution when handling certain Office/Excel content, with a local attack vector and user interaction req...
CVE-2025-21387
CVE-2025-21387 is a Microsoft Excel remote code execution vulnerability tied to Office/Excel 2016. Public advisories and the Microsoft KB describe an Excel RCE issue that is fixed by the February 2025 Office 2016 security update KB5002684 (MSKB). The fix applies to MSI-based Office 2016 installat...
CVE-2016-3279
CVE-2016-3279 is a remote code execution vulnerability in multiple Microsoft Office components (e.g., Excel, Word, PowerPoint, Word Automation Services, Office Web Apps) that can be triggered by processing a crafted XLA file. Affected products include Office 2010 SP2, 2013 SP1/RT SP1, 2016, Word ...
CVE-2017-0006
Technical details (affected products, root cause, and remediation) are not provided in the connected documents beyond the initial CVE summary; monitor for updates.
CVE-2017-8510
CVE-2017-8510 describes a remote code execution vulnerability in Microsoft Office caused by improper handling of objects in memory. The CVE entry notes an Office remote code execution risk with a high impact (C/H/I/A) and a network attack vector, requiring user interaction. The description provid...
CVE-2018-0796
CVE-2018-0796 is a remote code execution vulnerability affecting Microsoft Excel in Office 2007–2016 due to how in-memory objects are handled. The core issue enables an attacker to run arbitrary code when a crafted file is opened, with a CVSS v3 base score of 8.8 (HIGH) and NETWORK attack vector,...
CVE-2020-1332
CVE-2020-1332 is a Microsoft Excel remote code execution vulnerability. It arises when Excel fails to correctly handle objects in memory, allowing an attacker to run arbitrary code in the context of the user. If the user has administrative rights, the attacker could take full control of the affec...
CVE-2025-27750
CVE-2025-27750 is a real vulnerability affecting Microsoft Excel within Microsoft Office. The connected sources confirm a use-after-free condition in Excel that allows an attacker to execute arbitrary code locally. The CVSSv3.1 vector (LOCAL, Privileges NONE, User Interaction REQUIRED) yields a b...
CVE-2020-17065
CVE-2020-17065 is a Microsoft Excel remote code execution vulnerability. Based on connected documents, the issue is tied to Microsoft Office Excel components and is addressed in November 2020 security updates (Office product family including Excel 2010/2013 and related C2R deployments). Nessus/NV...
CVE-2024-43465
CVE-2024-43465 is an Elevation of Privilege vulnerability affecting Microsoft Excel components in Office products. The connected documents indicate the issue is addressed by official security updates (e.g., KB5002601 for Office Online Server and KB5002605 for Excel 2016) released September 10, 20...
CVE-2026-44803
CVE-2026-44803 describes an integer overflow/wraparound in Windows Win32K - GRFX that can allow a local attacker to execute code. The vulnerability is identified across multiple sources (NVD, CVE listing, and MSRC update page) and is classified with a high impact: local code execution, requiring ...
CVE-2016-3233
CVE-2016-3233 concerns Microsoft Office memory corruption affecting Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3. A crafted Office document can trigger a memory corruption that allows remote code execution. Exploitation requires a user to open the specially crafted file (user...
CVE-2016-3358
CVE-2016-3358 affects Microsoft Office and Excel components across Windows and Mac platforms (Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016; Office Online Server; Office Viewer; SharePoint Excel Services). The vulnerability is described as a memory corruption in Office applications that a...
CVE-2017-0052
The CVE affects Microsoft Office components: Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3. It is a memory corruption vulnerability exploitable via a crafted document, potentially allowing remote code execution or denial of service. ...
CVE-2018-8627
CVE-2018-8627 (Microsoft Excel information disclosure) : An information-disclosure flaw in Excel when reading memory out of bounds due to an uninitialized variable. Affected products include Microsoft Office/Excel and related viewers. Exploitation requires opening a specially crafted file; succes...
CVE-2021-24067
CVE-2021-24067 is Microsoft Excel Remote Code Execution Vulnerability. Publicly documented as affecting Excel; remediation cited via February 2021 security updates (KB4493196) for Excel 2016 and related Office components, and broader Office update bundles addressing this and related CVEs. Connect...
CVE-2015-2555
The CVE-2015-2555 entry describes a use-after-free in Microsoft Excel (2010 SP2, 2013 SP1, 2013 RT SP1, 2016, plus Excel for Mac 2011/2016 and Excel Services on SharePoint Server 2010 SP2/2013 SP1) triggered by a crafted calculatedColumnFormula object in an Office document, allowing remote code e...
CVE-2020-1497
CVE-2020-1497 is an information disclosure vulnerability in Microsoft Excel. The issue arises when Excel improperly discloses contents of memory due to how objects are handled in memory; an attacker could craft a document and convince a user to open it to exfiltrate memory contents. The core root...
CVE-2020-17064
Technical details about CVE-2020-17064 are not publicly provided in the supplied documents. Current sources only reference an Excel remote code execution vulnerability and indicate it was included in November 2020 Office updates. Monitor for official advisories for impacted versions, root cause, ...
CVE-2011-0105
CVE-2011-0105 describes a buffer overflow in Microsoft Excel-related components caused by obtaining a length value from an uninitialized memory location, enabling remote code execution via a crafted Excel file. Affected products listed in the provided sources include Excel 2002 SP3, Office for Ma...
CVE-2017-0027
CVE-2017-0027 affects Microsoft Office products including Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1. Description: information disclosure from process memory when processing a crafted Office docume...
CVE-2018-8147
CVE-2018-8147 is a remote code execution vulnerability in Microsoft Excel (Office) tied to improper handling of in-memory objects. The issue could allow an attacker to run arbitrary code in the context of the current user, potentially taking control of the affected system, as described in multipl...
CVE-2020-17067
CVE-2020-17067 refers to a Microsoft Excel Security Feature Bypass vulnerability. Affected product: Microsoft Excel/Office components; root cause: security feature bypass in Excel. CVSSv3.1 base score 7.8 (HIGH) with LOCAL attack vector, LOW complexity, NONE privileges, user interaction REQUIRED;...
CVE-2010-0822
CVE-2010-0822 describes a stack-based overflow in Excel’s object (OBJ) record parser. The vulnerability permits remote code execution via a specially crafted Excel file and affects Excel 2002 SP3, Office 2004/2008 for Mac, and Open XML File Format Converter for Mac (per the initial entry). Public...
CVE-2015-0085
CVE-2015-0085 is a use-after-free vulnerability in Microsoft Office components (including Office 2007/2010/2013 suites and related SharePoint/Viewer components) that enables remote code execution via a crafted Office document. The issue affects a broad set of Office applications and SharePoint-re...
CVE-2017-0194
CVE-2017-0194 affects Microsoft Excel 2007 SP3, Excel 2010 SP2 and Office Compatibility Pack SP2. It is an Information Disclosure vulnerability where crafted Office documents can cause memory objects to disclose sensitive memory contents due to improper handling of memory. Root cause: improper ha...
CVE-2017-8632
CVE-2017-8632 describes a remote code execution vulnerability in Microsoft Office products caused by improper handling of in-memory objects (memory corruption). Affected are Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Web Apps 2013, Excel for Mac 2011, Excel 20...
CVE-2018-8502
CVE-2018-8502 is an Excel remote code execution vulnerability in Microsoft Excel (and adjacent Office components) caused by improper handling of objects in Protected View. The issue allows arbitrary code execution in the context of the current user, with the attacker potentially gaining full cont...
CVE-2020-1504
CVE-2020-1504 is a remote code execution flaw in Microsoft Excel caused by improper handling of in-memory objects. The vulnerability allows arbitrary code execution in the caller’s context if a user opens a specially crafted Excel file. The NVD entry (CVSS:3.1 base score 8.8; impact high on confi...
CVE-2021-24069
CVE-2021-24069 is an Excel remote code execution vulnerability (Microsoft Excel/Office components). Public details in connected sources indicate a vulnerability class: remote code execution via Excel, with affected products spanning Microsoft Excel/Office versions referenced in Microsoft advisori...
CVE-2025-24081
CVE-2025-24081 is a Microsoft Excel/Office vulnerability described as a use-after-free in Excel that enables local arbitrary code execution. The CVSS v3.1 vector indicates a high-severity, local-execution flaw (AV: Local, AC: Low, PR: None, UI: Required, S: Unchanged, C/I/A: High). The vulnerabil...
CVE-2008-0081
CVE-2008-0081 corresponds to the Macro Validation Vulnerability in Microsoft Excel and related Office components. A remote code execution flaw exists when opening specially crafted Excel files with macros, caused by improper validation of macro/memory handling, affecting Excel 2000 SP3 through 20...
CVE-2016-0012
CVE-2016-0012 affects Microsoft Office suite (2007–2016 and related components) and is described as a security feature/ASLR bypass vulnerability. Connected OpenVAS entries explicitly reference remote bypass vectors in Office components (PowerPoint, Visio, Word, Excel, VB runtime) and note exploit...
CVE-2021-24070
CVE-2021-24070 is a Microsoft Excel remote code execution vulnerability. The connected documentation provides concrete details: affected product is Microsoft Excel (examples include Excel 2016/Office 2016 installations) and the vulnerability is described as allowing remote code execution. The Mic...
CVE-2006-3877
PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877) affects multiple Office suites. A remote code execution flaw exists when PowerPoint opens a specially crafted file with malformed records, allowing an attacker to gain full control of the affected system if the user runs ...
CVE-2024-43106
Microsoft Excel on macOS (version 16.83) is vulnerable to a library-injection issue that lets a malicious app inject a library and piggyback on Excel’s entitlements to perform actions with the app’s permissions. The root cause is the combination of Hardened Runtime with com.apple.security.cs.disa...
CVE-2010-0821
CVE-2010-0821 is identified in connected advisories as the Excel SXVIEW record parsing memory corruption vulnerability. It allows remote code execution if a user opens a specially crafted Excel file, due to improper parsing of SXVIEW structures. Exploitation requires user interaction (opening a c...
CVE-2017-8501
CVE-2017-8501 is described across connected CNVD/OpenVAS entries as a memory corruption vulnerability in Microsoft Office components (notably Word/Excel/SharePoint) that can be triggered by specially crafted files to yield remote code execution or DoS under the current user. The root cause cited ...