Lucene search
+L
MicrosoftExcel

446 matches found

CVE
CVE
added 2020/09/11 5:9 p.m.120 views

CVE-2020-1335

CVE-2020-1335 is a Microsoft Excel remote code execution vulnerability caused by improper handling of memory objects. An attacker could run arbitrary code in the user’s context, potentially taking full control if the user has admin rights. Exploitation requires the user to open a specially crafte...

8.8CVSS8.6AI score0.03665EPSS
CVE
CVE
added 2025/04/08 5:23 p.m.120 views

CVE-2025-27751

CVE-2025-27751 is a Microsoft Excel remote code execution vulnerability described as a use-after-free in Excel, enabling an attacker to run code locally. Public materials in the connected set confirm an in-Excel object lifecycle issue is exploited via crafted DOCX payloads to achieve code executi...

7.8CVSS7.8AI score0.0211EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.119 views

CVE-2017-11877

CVE-2017-11877 describes a security feature bypass in Microsoft Excel where macro settings were not enforced on a document, potentially allowing macros to run when they should be blocked. Connected MS KB update notes show the issue affects Excel 2016 (and related Excel entry points) and can be mi...

5.5CVSS6.2AI score0.04546EPSS
CVE
CVE
added 2019/10/10 1:28 p.m.118 views

CVE-2019-1327

CVE-2019-1327 is a remote code execution vulnerability in Microsoft Excel caused by improper handling of objects in memory. The Red Hat records also list CVE-2019-1331 as related, sharing the same underlying issue. Public sources in the provided documents describe the issue but do not include con...

9.3CVSS8.8AI score0.12627EPSS
CVE
CVE
added 2019/03/06 12:0 a.m.117 views

CVE-2019-0669

CVE-2019-0669 is an information-disclosure vulnerability in Microsoft Excel where memory contents can be disclosed when a crafted document is opened. The issue arises from Excel failing to properly isolate or protect memory contents during document processing, enabling an attacker to obtain data ...

6.5CVSS5.9AI score0.0643EPSS
CVE
CVE
added 2015/11/11 11:0 a.m.116 views

CVE-2015-2503

CVE-2015-2503 is an Office Elevation of Privilege vulnerability that can be triggered via a crafted web site loaded in Internet Explorer to bypass sandbox protections and gain privileges. The initial CVE entry lists Microsoft Office 2007–2016 products (Word, Excel, PowerPoint, Access, InfoPath, V...

9.3CVSS6.8AI score0.1684EPSS
CVE
CVE
added 2021/12/15 2:15 p.m.115 views

CVE-2021-43256

CVE-2021-43256 is an Microsoft Excel remote code execution vulnerability. Connected documents confirm the flaw affects Microsoft Excel as part of Office product updates and reference CVE-2021-43256 in December 2021 security updates. The vulnerability is described as enabling remote code execution...

7.8CVSS7.8AI score0.02064EPSS
CVE
CVE
added 2015/09/09 12:0 a.m.114 views

CVE-2015-2520

CVE-2015-2520 affects Microsoft Office components including Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011/2016, Office Compatibility Pack SP3, and Excel Viewer. The root cause is a memory corruption due to improper handling of objects in memory, leading to remote code execution when a crafte...

9.3CVSS7.5AI score0.2769EPSS
CVE
CVE
added 2019/11/12 6:53 p.m.114 views

CVE-2019-1446

CVE-2019-1446 describes an information-disclosure vulnerability in Microsoft Excel/Office where memory contents may be exposed due to improper handling of memory objects. The issue is discussed in connected Nessus/OpenVAS entries tied to November 2019 Office/Excel security updates, indicating aff...

5.5CVSS5.6AI score0.08357EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.113 views

CVE-2017-0020

Technical details for CVE-2017-0020 are not publicly provided in the connected documents. No explicit affected products, root cause, or remediation are described here. Monitor for updates from official advisories and addenda.

9.3CVSS6.7AI score0.16387EPSS
CVE
CVE
added 2020/12/09 11:36 p.m.113 views

CVE-2020-17130

CVE-2020-17130 is a Microsoft Excel Security Feature Bypass vulnerability affecting Excel 2016 (and possibly related C2R/office builds). The incident described in public CVE records indicates a security feature bypass in Excel; the provided documents do not specify the exact vulnerable component ...

6.5CVSS6.4AI score0.02247EPSS
CVE
CVE
added 2021/03/11 3:46 p.m.113 views

CVE-2021-27053

CVE-2021-27053 is a Microsoft Excel remote code execution vulnerability. Multiple connected sources describe it as affecting Microsoft Excel products with a remote code execution flaw that can allow an attacker to bypass authentication and execute arbitrary commands. The issue is discussed across...

7.8CVSS7.6AI score0.03571EPSS
CVE
CVE
added 2021/03/11 3:48 p.m.113 views

CVE-2021-27057

CVE-2021-27057 is a Microsoft Office/Excel remote code execution vulnerability. Public sources describe it as a vulnerability in Microsoft Office/Excel components that can lead to remote code execution when handling certain Office/Excel content, with a local attack vector and user interaction req...

7.8CVSS7.8AI score0.03122EPSS
CVE
CVE
added 2025/02/11 5:58 p.m.113 views

CVE-2025-21387

CVE-2025-21387 is a Microsoft Excel remote code execution vulnerability tied to Office/Excel 2016. Public advisories and the Microsoft KB describe an Excel RCE issue that is fixed by the February 2025 Office 2016 security update KB5002684 (MSKB). The fix applies to MSI-based Office 2016 installat...

7.8CVSS7.9AI score0.00916EPSS
CVE
CVE
added 2016/07/13 1:0 a.m.112 views

CVE-2016-3279

CVE-2016-3279 is a remote code execution vulnerability in multiple Microsoft Office components (e.g., Excel, Word, PowerPoint, Word Automation Services, Office Web Apps) that can be triggered by processing a crafted XLA file. Affected products include Office 2010 SP2, 2013 SP1/RT SP1, 2016, Word ...

5.5CVSS6.8AI score0.16423EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.112 views

CVE-2017-0006

Technical details (affected products, root cause, and remediation) are not provided in the connected documents beyond the initial CVE summary; monitor for updates.

9.3CVSS6.7AI score0.16607EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.112 views

CVE-2017-8510

CVE-2017-8510 describes a remote code execution vulnerability in Microsoft Office caused by improper handling of objects in memory. The CVE entry notes an Office remote code execution risk with a high impact (C/H/I/A) and a network attack vector, requiring user interaction. The description provid...

9.3CVSS7.2AI score0.22127EPSS
CVE
CVE
added 2018/01/10 1:0 a.m.112 views

CVE-2018-0796

CVE-2018-0796 is a remote code execution vulnerability affecting Microsoft Excel in Office 2007–2016 due to how in-memory objects are handled. The core issue enables an attacker to run arbitrary code when a crafted file is opened, with a CVSS v3 base score of 8.8 (HIGH) and NETWORK attack vector,...

9.3CVSS8.8AI score0.23257EPSS
CVE
CVE
added 2020/09/11 5:9 p.m.112 views

CVE-2020-1332

CVE-2020-1332 is a Microsoft Excel remote code execution vulnerability. It arises when Excel fails to correctly handle objects in memory, allowing an attacker to run arbitrary code in the context of the user. If the user has administrative rights, the attacker could take full control of the affec...

8.8CVSS8.7AI score0.03665EPSS
CVE
CVE
added 2025/04/08 5:23 p.m.112 views

CVE-2025-27750

CVE-2025-27750 is a real vulnerability affecting Microsoft Excel within Microsoft Office. The connected sources confirm a use-after-free condition in Excel that allows an attacker to execute arbitrary code locally. The CVSSv3.1 vector (LOCAL, Privileges NONE, User Interaction REQUIRED) yields a b...

7.8CVSS7.8AI score0.00825EPSS
CVE
CVE
added 2020/11/11 6:48 a.m.110 views

CVE-2020-17065

CVE-2020-17065 is a Microsoft Excel remote code execution vulnerability. Based on connected documents, the issue is tied to Microsoft Office Excel components and is addressed in November 2020 security updates (Office product family including Excel 2010/2013 and related C2R deployments). Nessus/NV...

9.3CVSS7.8AI score0.03824EPSS
CVE
CVE
added 2024/09/10 4:53 p.m.110 views

CVE-2024-43465

CVE-2024-43465 is an Elevation of Privilege vulnerability affecting Microsoft Excel components in Office products. The connected documents indicate the issue is addressed by official security updates (e.g., KB5002601 for Office Online Server and KB5002605 for Excel 2016) released September 10, 20...

7.8CVSS7.6AI score0.008EPSS
CVE
CVE
added 2026/06/09 5:6 p.m.110 views

CVE-2026-44803

CVE-2026-44803 describes an integer overflow/wraparound in Windows Win32K - GRFX that can allow a local attacker to execute code. The vulnerability is identified across multiple sources (NVD, CVE listing, and MSRC update page) and is classified with a high impact: local code execution, requiring ...

7.8CVSS5.7AI score0.00437EPSS
CVE
CVE
added 2016/06/16 1:0 a.m.109 views

CVE-2016-3233

CVE-2016-3233 concerns Microsoft Office memory corruption affecting Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3. A crafted Office document can trigger a memory corruption that allows remote code execution. Exploitation requires a user to open the specially crafted file (user...

9.3CVSS7.2AI score0.14825EPSS
CVE
CVE
added 2016/09/14 10:0 a.m.109 views

CVE-2016-3358

CVE-2016-3358 affects Microsoft Office and Excel components across Windows and Mac platforms (Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016; Office Online Server; Office Viewer; SharePoint Excel Services). The vulnerability is described as a memory corruption in Office applications that a...

9.3CVSS7.7AI score0.18434EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.109 views

CVE-2017-0052

The CVE affects Microsoft Office components: Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3. It is a memory corruption vulnerability exploitable via a crafted document, potentially allowing remote code execution or denial of service. ...

9.3CVSS6.7AI score0.16607EPSS
CVE
CVE
added 2018/12/12 12:0 a.m.109 views

CVE-2018-8627

CVE-2018-8627 (Microsoft Excel information disclosure) : An information-disclosure flaw in Excel when reading memory out of bounds due to an uninitialized variable. Affected products include Microsoft Office/Excel and related viewers. Exploitation requires opening a specially crafted file; succes...

5.5CVSS4.9AI score0.08185EPSS
CVE
CVE
added 2021/02/25 11:1 p.m.109 views

CVE-2021-24067

CVE-2021-24067 is Microsoft Excel Remote Code Execution Vulnerability. Publicly documented as affecting Excel; remediation cited via February 2021 security updates (KB4493196) for Excel 2016 and related Office components, and broader Office update bundles addressing this and related CVEs. Connect...

7.8CVSS7.6AI score0.02321EPSS
CVE
CVE
added 2015/10/14 1:0 a.m.107 views

CVE-2015-2555

The CVE-2015-2555 entry describes a use-after-free in Microsoft Excel (2010 SP2, 2013 SP1, 2013 RT SP1, 2016, plus Excel for Mac 2011/2016 and Excel Services on SharePoint Server 2010 SP2/2013 SP1) triggered by a crafted calculatedColumnFormula object in an Office document, allowing remote code e...

9.3CVSS7.4AI score0.20151EPSS
CVE
CVE
added 2020/08/17 7:13 p.m.107 views

CVE-2020-1497

CVE-2020-1497 is an information disclosure vulnerability in Microsoft Excel. The issue arises when Excel improperly discloses contents of memory due to how objects are handled in memory; an attacker could craft a document and convince a user to open it to exfiltrate memory contents. The core root...

5.5CVSS6.5AI score0.04639EPSS
CVE
CVE
added 2020/11/11 6:48 a.m.107 views

CVE-2020-17064

Technical details about CVE-2020-17064 are not publicly provided in the supplied documents. Current sources only reference an Excel remote code execution vulnerability and indicate it was included in November 2020 Office updates. Monitor for official advisories for impacted versions, root cause, ...

7.8CVSS7.8AI score0.03168EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.106 views

CVE-2011-0105

CVE-2011-0105 describes a buffer overflow in Microsoft Excel-related components caused by obtaining a length value from an uninitialized memory location, enabling remote code execution via a crafted Excel file. Affected products listed in the provided sources include Excel 2002 SP3, Office for Ma...

9.3CVSS7.8AI score0.71129EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.106 views

CVE-2017-0027

CVE-2017-0027 affects Microsoft Office products including Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1. Description: information disclosure from process memory when processing a crafted Office docume...

4.7CVSS5AI score0.22552EPSS
CVE
CVE
added 2018/05/09 7:0 p.m.106 views

CVE-2018-8147

CVE-2018-8147 is a remote code execution vulnerability in Microsoft Excel (Office) tied to improper handling of in-memory objects. The issue could allow an attacker to run arbitrary code in the context of the current user, potentially taking control of the affected system, as described in multipl...

9.3CVSS7.9AI score0.24494EPSS
CVE
CVE
added 2020/11/11 6:48 a.m.106 views

CVE-2020-17067

CVE-2020-17067 refers to a Microsoft Excel Security Feature Bypass vulnerability. Affected product: Microsoft Excel/Office components; root cause: security feature bypass in Excel. CVSSv3.1 base score 7.8 (HIGH) with LOCAL attack vector, LOW complexity, NONE privileges, user interaction REQUIRED;...

7.8CVSS7.4AI score0.03048EPSS
CVE
CVE
added 2010/06/08 8:0 p.m.105 views

CVE-2010-0822

CVE-2010-0822 describes a stack-based overflow in Excel’s object (OBJ) record parser. The vulnerability permits remote code execution via a specially crafted Excel file and affects Excel 2002 SP3, Office 2004/2008 for Mac, and Open XML File Format Converter for Mac (per the initial entry). Public...

9.3CVSS7.9AI score0.70121EPSS
CVE
CVE
added 2015/03/11 10:0 a.m.105 views

CVE-2015-0085

CVE-2015-0085 is a use-after-free vulnerability in Microsoft Office components (including Office 2007/2010/2013 suites and related SharePoint/Viewer components) that enables remote code execution via a crafted Office document. The issue affects a broad set of Office applications and SharePoint-re...

9.3CVSS7.4AI score0.17279EPSS
CVE
CVE
added 2017/04/12 2:0 p.m.105 views

CVE-2017-0194

CVE-2017-0194 affects Microsoft Excel 2007 SP3, Excel 2010 SP2 and Office Compatibility Pack SP2. It is an Information Disclosure vulnerability where crafted Office documents can cause memory objects to disclose sensitive memory contents due to improper handling of memory. Root cause: improper ha...

5.5CVSS4.9AI score0.2552EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.105 views

CVE-2017-8632

CVE-2017-8632 describes a remote code execution vulnerability in Microsoft Office products caused by improper handling of in-memory objects (memory corruption). Affected are Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Web Apps 2013, Excel for Mac 2011, Excel 20...

9.3CVSS7.7AI score0.16997EPSS
CVE
CVE
added 2018/10/10 1:0 p.m.105 views

CVE-2018-8502

CVE-2018-8502 is an Excel remote code execution vulnerability in Microsoft Excel (and adjacent Office components) caused by improper handling of objects in Protected View. The issue allows arbitrary code execution in the context of the current user, with the attacker potentially gaining full cont...

9.3CVSS8.8AI score0.19791EPSS
CVE
CVE
added 2020/08/17 7:13 p.m.105 views

CVE-2020-1504

CVE-2020-1504 is a remote code execution flaw in Microsoft Excel caused by improper handling of in-memory objects. The vulnerability allows arbitrary code execution in the caller’s context if a user opens a specially crafted Excel file. The NVD entry (CVSS:3.1 base score 8.8; impact high on confi...

9.3CVSS9AI score0.04205EPSS
CVE
CVE
added 2021/02/25 11:1 p.m.105 views

CVE-2021-24069

CVE-2021-24069 is an Excel remote code execution vulnerability (Microsoft Excel/Office components). Public details in connected sources indicate a vulnerability class: remote code execution via Excel, with affected products spanning Microsoft Excel/Office versions referenced in Microsoft advisori...

7.8CVSS7.6AI score0.0234EPSS
CVE
CVE
added 2025/03/11 4:58 p.m.105 views

CVE-2025-24081

CVE-2025-24081 is a Microsoft Excel/Office vulnerability described as a use-after-free in Excel that enables local arbitrary code execution. The CVSS v3.1 vector indicates a high-severity, local-execution flaw (AV: Local, AC: Low, PR: None, UI: Required, S: Unchanged, C/I/A: High). The vulnerabil...

7.8CVSS8AI score0.00655EPSS
CVE
CVE
added 2008/01/16 10:0 p.m.104 views

CVE-2008-0081

CVE-2008-0081 corresponds to the Macro Validation Vulnerability in Microsoft Excel and related Office components. A remote code execution flaw exists when opening specially crafted Excel files with macros, caused by improper validation of macro/memory handling, affecting Excel 2000 SP3 through 20...

9.8CVSS9.6AI score0.57908EPSS
CVE
CVE
added 2016/01/13 2:0 a.m.104 views

CVE-2016-0012

CVE-2016-0012 affects Microsoft Office suite (2007–2016 and related components) and is described as a security feature/ASLR bypass vulnerability. Connected OpenVAS entries explicitly reference remote bypass vectors in Office components (PowerPoint, Visio, Word, Excel, VB runtime) and note exploit...

4.3CVSS5.1AI score0.11195EPSS
CVE
CVE
added 2021/02/25 11:1 p.m.104 views

CVE-2021-24070

CVE-2021-24070 is a Microsoft Excel remote code execution vulnerability. The connected documentation provides concrete details: affected product is Microsoft Excel (examples include Excel 2016/Office 2016 installations) and the vulnerability is described as allowing remote code execution. The Mic...

7.8CVSS7.6AI score0.02321EPSS
CVE
CVE
added 2006/10/10 10:0 p.m.103 views

CVE-2006-3877

PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877) affects multiple Office suites. A remote code execution flaw exists when PowerPoint opens a specially crafted file with malformed records, allowing an attacker to gain full control of the affected system if the user runs ...

9.3CVSS7.1AI score0.12509EPSS
CVE
CVE
added 2024/12/18 10:41 p.m.102 views

CVE-2024-43106

Microsoft Excel on macOS (version 16.83) is vulnerable to a library-injection issue that lets a malicious app inject a library and piggyback on Excel’s entitlements to perform actions with the app’s permissions. The root cause is the combination of Hardened Runtime with com.apple.security.cs.disa...

9.1CVSS6.9AI score0.00736EPSS
CVE
CVE
added 2010/06/08 8:0 p.m.101 views

CVE-2010-0821

CVE-2010-0821 is identified in connected advisories as the Excel SXVIEW record parsing memory corruption vulnerability. It allows remote code execution if a user opens a specially crafted Excel file, due to improper parsing of SXVIEW structures. Exploitation requires user interaction (opening a c...

9.3CVSS7.5AI score0.24265EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.101 views

CVE-2017-8501

CVE-2017-8501 is described across connected CNVD/OpenVAS entries as a memory corruption vulnerability in Microsoft Office components (notably Word/Excel/SharePoint) that can be triggered by specially crafted files to yield remote code execution or DoS under the current user. The root cause cited ...

9.3CVSS7.8AI score0.23321EPSS
Total number of security vulnerabilities446