Lucene search
+L
MicrosoftExcel

446 matches found

CVE
CVE
added 2017/07/11 9:0 p.m.101 views

CVE-2017-8501

CVE-2017-8501 is described across connected CNVD/OpenVAS entries as a memory corruption vulnerability in Microsoft Office components (notably Word/Excel/SharePoint) that can be triggered by specially crafted files to yield remote code execution or DoS under the current user. The root cause cited ...

9.3CVSS7.8AI score0.23321EPSS
CVE
CVE
added 2018/12/12 12:0 a.m.101 views

CVE-2018-8597

CVE-2018-8597 is a remote code execution vulnerability in Microsoft Excel/Office where improper handling of in-memory objects can allow arbitrary code execution in the context of the current user. Exploitation typically requires a user to open a specially crafted file, and affects Excel component...

9.3CVSS6.1AI score0.1613EPSS
CVE
CVE
added 2015/11/11 11:0 a.m.100 views

CVE-2015-6038

CVE-2015-6038 affects Microsoft Office products including Excel 2007/2010/2013/2016 (Windows and Mac) and related components, as well as Excel Services on SharePoint Server and Office viewers. The vulnerability stems from memory corruption triggered by specially crafted Office documents, enabling...

9.3CVSS7.5AI score0.32875EPSS
CVE
CVE
added 2016/12/20 5:54 a.m.100 views

CVE-2016-7265

CVE-2016-7265 affects Microsoft Office components (notably Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3/2010 SP2). The vulnerability is described as an information disclosure via an out-of-boun...

7.1CVSS6.7AI score0.22571EPSS
CVE
CVE
added 2021/03/11 3:46 p.m.100 views

CVE-2021-27054

CVE-2021-27054 is a Microsoft Excel remote code execution vulnerability documenting RCE in Excel/Office components. Public sources in connected docs reference March 2021 security updates for Office/Excel products (C2R deployments for March 2021; macOS and Office 2010/2019 variants) as the fix con...

7.8CVSS7.6AI score0.03122EPSS
CVE
CVE
added 2007/02/03 1:0 a.m.98 views

CVE-2007-0671

CVE-2007-0671 is a remote-code-execution vulnerability in Microsoft Office Excel (affecting Excel 2000/XP/2003 and Mac equivalents) where a specially crafted Excel file can trigger arbitrary code execution. The vulnerability arises from improper handling/parsing of office records, enabling remote...

9.3CVSS7.5AI score0.42139EPSS
In wild
CVE
CVE
added 2009/02/25 4:0 p.m.98 views

CVE-2009-0238

CVE-2009-0238 corresponds to a remote code execution vulnerability in Microsoft Office Excel and related components (Excel Viewer, Compatibility Pack, and Mac variants) triggered by opening a crafted Excel document that causes an invalid object access. The issue manifests as memory/code execution...

9.3CVSS7.4AI score0.43063EPSS
In wild
CVE
CVE
added 2025/06/10 5:2 p.m.98 views

CVE-2025-47165

CVE-2025-47165 is a Microsoft Excel/Office remote code execution vulnerability attributed to a use-after-free in Excel. Connected sources describe an attacker leveraging a crafted DOCM delivery to compel a user to execute code, enabling local RCE. The CVE is tracked in Microsoft’s June 2025 secur...

7.8CVSS8AI score0.01768EPSS
In wild
CVE
CVE
added 2018/03/14 5:0 p.m.97 views

CVE-2018-0907

CVE-2018-0907 is a security feature bypass in Microsoft Excel/Office products caused by how macro settings are enforced. Affected: Excel 2007 SP3, 2010 SP2, 2013 SP1, 2016, and Office 2016 for Mac, including Office 2016 Click-to-Run. Core issue: bypasses to macro security controls (security featu...

7.8CVSS7.5AI score0.06094EPSS
CVE
CVE
added 2024/11/12 5:54 p.m.97 views

CVE-2024-49028

CVE-2024-49028 is a Microsoft Excel remote code execution vulnerability. Related sources confirm Excel components are affected and describe a need for security updates (e.g., November 2024 Excel security updates, KB5002653) to remediate. The issue is tied to the Office/Excel suite and is addresse...

7.8CVSS7.9AI score0.00736EPSS
CVE
CVE
added 2024/11/12 5:54 p.m.97 views

CVE-2024-49030

CVE-2024-49030 is a Microsoft Excel Remote Code Execution vulnerability affecting Excel 2016 and related Office Excel components. Public advisories (CNVD/NCSC/MSRC) describe a vulnerability in Excel that could enable arbitrary code execution when a crafted file is opened, with a heap/remote-code-...

7.8CVSS7.9AI score0.00736EPSS
CVE
CVE
added 2016/04/12 11:0 p.m.96 views

CVE-2016-0136

CVE-2016-0136 affects Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3/2010 SP2. The root cause is memory corruption from improper handling of objects in memory, enabling remote code execution when a crafted Office document ...

9.3CVSS7.8AI score0.20717EPSS
CVE
CVE
added 2016/09/14 10:0 a.m.96 views

CVE-2016-3359

CVE-2016-3359 affects Microsoft Office components (Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Viewer). The issue is a memory corruption vulnerability in Office that allows remote code execution via a crafted document. The CVE entry’s linked sources (NVD/NVD-variant and r...

9.3CVSS7.6AI score0.17466EPSS
CVE
CVE
added 2025/05/13 4:58 p.m.96 views

CVE-2025-30377

CVE-2025-30377 is a Use-After-Free vulnerability in Microsoft Office that can lead to local code execution. Affected products span Microsoft Office components (Office 2016/2019/2021/365 families and related Office applications) with the root cause described as a use-after-free condition allowing ...

8.4CVSS8.9AI score0.0055EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.95 views

CVE-2011-0098

CVE-2011-0098 corresponds to a remote code execution vulnerability in Microsoft Office Excel. The issue is a buffer/heap overflow in parsing the Label record (Excel file format), allowing remote attackers to run arbitrary code by convincing a user to open a malicious XLS file. Affected products i...

9.3CVSS7.6AI score0.30499EPSS
CVE
CVE
added 2015/08/15 12:0 a.m.95 views

CVE-2015-2423

CVE-2015-2423 is an “Unsafe Command Line Parameter Passing” vulnerability affecting a broad set of Windows OS versions (Vista through Windows 10) and Office apps (2007–2013) where a crafted command-line parameter to an Office app or Notepad can elevate from Low to Medium Integrity and disclose se...

4.3CVSS6.4AI score0.19851EPSS
CVE
CVE
added 2016/04/12 11:0 p.m.95 views

CVE-2016-0139

CVE-2016-0139 is a memory corruption vulnerability in Microsoft Office products (Excel 2010 SP2, Word for Mac 2011, Excel Viewer) that enables remote code execution when a crafted Office document is opened. Multiple connected sources confirm it stems from improper handling of objects in memory, a...

9.3CVSS7.8AI score0.1629EPSS
CVE
CVE
added 2018/12/12 12:0 a.m.95 views

CVE-2018-8598

CVE-2018-8598 is an information disclosure vulnerability in Microsoft Excel where memory contents can be exposed. Affected products include Office 365 ProPlus, Microsoft Office, and Microsoft Excel. The root cause is that Excel improperly discloses its memory contents. According to the provided d...

4.7CVSS5AI score0.06217EPSS
CVE
CVE
added 2021/02/25 11:1 p.m.95 views

CVE-2021-24068

CVE-2021-24068 is a Microsoft Excel remote code execution vulnerability. Publicly documented details in connected sources confirm Excel/RCE context and indicate affected Office products and versions addressed by security updates. Notable remediation: Microsoft security updates KB4493211 (Excel 20...

7.8CVSS7.7AI score0.02321EPSS
CVE
CVE
added 2010/06/08 8:0 p.m.94 views

CVE-2010-1245

CVE-2010-1245 is a remote code execution vulnerability in Microsoft Office Excel involving a malformed SxView record that could be triggered by opening a crafted Excel file. Affected products include Excel 2002 SP3, Excel 2004 for Mac, Excel 2008 for Mac, and the Open XML File Format Converter fo...

9.3CVSS7.5AI score0.22356EPSS
CVE
CVE
added 2015/07/14 9:0 p.m.94 views

CVE-2015-2376

CVE-2015-2376 affects multiple Microsoft Office components (Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1/RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3/2010 SP2/2013 SP1). The vulnerability is a memory corrupti...

9.3CVSS7.7AI score0.15746EPSS
CVE
CVE
added 2010/06/08 8:0 p.m.93 views

CVE-2010-1248

CVE-2010-1248 affects Microsoft Office Excel 2002 SP3 (and Excel 2004 for Mac) due to parsing errors in HFPicture and WOPT records, causing heap/buffer memory corruption and potential remote code execution. The vulnerability arises when opening specially crafted Excel files containing malformed H...

9.3CVSS7.8AI score0.27184EPSS
CVE
CVE
added 2015/05/13 10:0 a.m.93 views

CVE-2015-1682

Microsoft Office Multiple Remote Code Execution Vulnerabilities (CVE-2015-1682) affect Office/SharePoint components across Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, Word/Excel/PowerPoint/SharePoint-related services, etc. Root cause: memory corruption triggered by processing a crafted...

9.3CVSS7.4AI score0.18861EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.93 views

CVE-2016-7236

CVE-2016-7236 affects Microsoft Office components, notably Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2. The root cause is a memory handling flaw that allows remote code execution when a user opens a specially crafted Office document, wi...

9.3CVSS7.7AI score0.20717EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.93 views

CVE-2018-1011

CVE-2018-1027/1029/1011 describe a remote code execution in Microsoft Excel when Excel improperly handles in-memory objects. Affected: Microsoft Excel (and Office components in some entries). Root cause: incorrect handling of objects in memory leading to memory corruption that enables code execut...

9.3CVSS7.7AI score0.20136EPSS
CVE
CVE
added 2009/11/11 7:0 p.m.92 views

CVE-2009-3127

CVE-2009-3127 (Excel Cache Memory Corruption) is a remote code execution vulnerability in Microsoft Office Excel variants: Excel 2002 SP3, 2003 SP3, 2004/2008 for Mac, Open XML File Format Converter for Mac, and Excel Viewer 2003 SP3. It stems from improper parsing of the Excel file format, allow...

9.3CVSS7.3AI score0.25075EPSS
CVE
CVE
added 2010/03/10 10:0 p.m.92 views

CVE-2010-0257

CVE-2010-0257 is a remote code execution vulnerability in Microsoft Excel 2002 SP3 and Excel XP related to memory corruption when processing EntExU2 records in a crafted Excel file. Exploitation could allow an attacker to take full control of the affected system by convincing a user to open a mal...

9.3CVSS7.7AI score0.18587EPSS
CVE
CVE
added 2016/09/14 10:0 a.m.92 views

CVE-2016-3362

CVE-2016-3362 and CVE-2016-3365 are memory‑corruption vulnerabilities in Microsoft Office components (notably Excel across multiple versions and Office/SharePoint services) that allow remote code execution via a crafted document. The root cause is memory handling flaws in Office components when p...

9.3CVSS7.6AI score0.17466EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.92 views

CVE-2017-8502

CVE-2017-8502 is a Microsoft Office memory corruption vulnerability described in connected CNVD entries as affecting Office components (e.g., Word/Excel/PowerPoint) through improper handling of objects in memory. A remote attacker can trigger a vulnerability by luring a user to open a specially c...

9.3CVSS7.8AI score0.23138EPSS
CVE
CVE
added 2020/11/11 6:48 a.m.92 views

CVE-2020-17066

Mode C CVE-2020-17066 affects Microsoft Excel (Office). The connected sources confirm a Remote Code Execution vulnerability in Excel, with Microsoft’s advisory and related security updates addressing CVE-2020-17066 among a set of Excel-related CVEs. The CVSS data present in the documents indicate...

9.3CVSS7.8AI score0.03824EPSS
CVE
CVE
added 2015/09/09 12:0 a.m.91 views

CVE-2015-2521

CVE-2015-2521 is a memory corruption vulnerability in Microsoft Office components (Excel 2007 SP3/2010 SP2, Office Compatibility Pack, Excel Viewer) that allows remote code execution when processing specially crafted Office documents. Public sources confirm in-the-wild exploitation for this famil...

9.3CVSS7.5AI score0.2769EPSS
CVE
CVE
added 2015/09/09 12:0 a.m.91 views

CVE-2015-2523

CVE-2015-2523 describes a memory corruption vulnerability in Microsoft Office components (notably Excel 2007 SP3, 2010 SP2, 2013 SP1/RT SP1, Mac 2011/2016, Office Compatibility Pack SP3, and Excel Viewer) that allows remote code execution when processing crafted Office documents. The root cause i...

9.3CVSS7.4AI score0.30315EPSS
CVE
CVE
added 2025/03/11 4:58 p.m.91 views

CVE-2025-24082

CVE-2025-24082 is a Microsoft Excel remote code execution vulnerability described as a use-after-free in Excel that can allow a local attacker to run arbitrary code. The CVE is confirmed by Microsoft’s MSRC entry (Microsoft Excel Remote Code Execution Vulnerability) and is referenced alongside re...

7.8CVSS7.6AI score0.00669EPSS
CVE
CVE
added 2025/02/11 5:58 p.m.90 views

CVE-2025-21394

CVE-2025-21394 is a Microsoft Excel remote code execution vulnerability affecting Excel/Office components. Exploitation requires a user to open a crafted file and can lead to total compromise per the published CVSS: Local access, user interaction required, high impact. Remediation provided via Fe...

7.8CVSS7.9AI score0.0082EPSS
CVE
CVE
added 2025/03/11 4:59 p.m.90 views

CVE-2025-24075

Summary : CVE-2025-24075 is a stack-based buffer overflow in Microsoft Excel (Office) that allows local code execution. The vulnerability affects Excel components handling data/files and can lead to arbitrary code execution in the caller’s context when exploited locally with user interaction. Imp...

7.8CVSS7.9AI score0.00645EPSS
CVE
CVE
added 2015/11/11 11:0 a.m.89 views

CVE-2015-6094

Summary (CVE-2015-6094) A memory corruption vulnerability in Microsoft Office components (notably Excel) that could allow remote code execution when processing a specially crafted Office document. Affected products include Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for M...

9.3CVSS7.5AI score0.20568EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.89 views

CVE-2018-1027

Microsoft Excel/Office are affected by CVE-2018-1027, a remote code execution vulnerability caused by improper handling of in-memory objects. The issue affects Excel and Office suites, enabling potential code execution when loaded with crafted data. CVSS references show a high-severity impact (C ...

9.3CVSS7.7AI score0.19167EPSS
CVE
CVE
added 2018/06/14 12:0 p.m.89 views

CVE-2018-8246

CVE-2018-8246 affects Microsoft Excel and related Office components. The connected advisories describe an information-disclosure vulnerability caused by the inclusion of uninitialized memory when processing parsed expressions in FORMULA records within Excel workbooks, allowing disclosure of sensi...

5.5CVSS5AI score0.17359EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.88 views

CVE-2016-7229

CVE-2016-7229 is a memory corruption vulnerability in Microsoft Office/Excel affecting multiple Office versions (including Excel 2007/2010/2013/2016 and Mac variants) that allows remote code execution via a crafted Office document. The issue stems from improper handling of objects in memory, enab...

9.3CVSS7.6AI score0.19282EPSS
CVE
CVE
added 2018/08/15 5:0 p.m.88 views

CVE-2018-8375

CVE-2018-8375 is a remote code execution vulnerability in Microsoft Excel family (Excel, Excel Viewer, Office) caused by improper handling of in-memory objects. The CVE affects Excel-related products and is characterized by a high-impact, possible remote code execution with local attack vector, r...

9.3CVSS7.8AI score0.16245EPSS
CVE
CVE
added 2025/05/13 4:59 p.m.88 views

CVE-2025-32704

CVE-2025-32704 is a Microsoft Excel remote code execution vulnerability caused by a buffer over-read in Excel. The issue allows a local attacker to run arbitrary code on the affected system; CVSS indicates high impact with local access and no user interaction required in at least one metric set. ...

8.4CVSS7.5AI score0.00366EPSS
CVE
CVE
added 2004/10/16 4:0 a.m.87 views

CVE-2004-0846

Microsoft Excel is affected by CVE-2004-0846 due to a buffer overflow from improper validation of certain records/parameters in Excel files. The vulnerability affects Excel 2000, Excel 2002, Excel 2001 for Mac, and Excel v.X for Mac; Excel 2004 for Mac and Office 2003/XP SP3 are not affected. An ...

7.5CVSS7.5AI score0.28348EPSS
CVE
CVE
added 2011/02/10 6:0 p.m.87 views

CVE-2011-0980

CVE-2011-0980 corresponds to a memory corruption flaw in Microsoft Office that arises when parsing Office Art objects, enabling remote code execution via a crafted file. It affects Excel/Office components across Windows and Mac builds listed in the initial document (Excel 2002/2003, Office for Ma...

9.3CVSS7.6AI score0.26374EPSS
CVE
CVE
added 2015/07/14 9:0 p.m.87 views

CVE-2015-2378

CVE-2015-2378 is an Untrusted Search Path vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 SP3, and Office Compatibility Pack SP3. The root cause is DLL loading from the current working directory (Trojan horse DLL) that enables local privilege elevation. Documents indi...

6.9CVSS7AI score0.06135EPSS
CVE
CVE
added 2015/12/09 11:0 a.m.87 views

CVE-2015-6122

CVE-2015-6122 is part of the MS15-131 memory corruption family affecting multiple Microsoft Office products. The connected Nessus plugin (MS15-131) links CVE-2015-6122 to remote code execution via crafted Office documents, with Mac OS X Office versions (MACOSX_MS15-131_OFFICE.NASL) and Office for...

9.3CVSS7.5AI score0.13601EPSS
CVE
CVE
added 2008/10/15 12:0 a.m.86 views

CVE-2008-4019

CVE-2008-4019 is an integer overflow in Excel’s REPT function used when parsing a formula within a cell, affecting multiple Windows and Mac Excel versions (e.g., 2000 SP3, 2002 SP3, 2003 SP2/SP3, 2007 Gold/SP1) and related viewers/compat packs. The vulnerability allows remote code execution if a ...

9.3CVSS7.5AI score0.34415EPSS
CVE
CVE
added 2016/09/14 10:0 a.m.86 views

CVE-2016-3363

CVE-2016-3363 affects Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer. The vulnerability is a memory-corruption flaw triggered by a crafted document, enabling remote code execution with the attacker gaining t...

9.3CVSS7.6AI score0.20203EPSS
CVE
CVE
added 2018/12/12 12:0 a.m.86 views

CVE-2018-8636

CVE-2018-8636 is a remote code execution vulnerability in Microsoft Excel (and related Office components) caused by improper handling of memory objects. Affected products include Office 365 ProPlus, Microsoft Office, and Microsoft Excel. The underlying issue is failure to properly manage in-memor...

9.3CVSS6.1AI score0.162EPSS
CVE
CVE
added 2010/03/10 10:0 p.m.85 views

CVE-2010-0263

CVE-2010-0263 concerns Microsoft Office Excel XLSX File Parsing Code Execution. The vulnerability arises from insufficient validation of ZIP headers during decompression of Open XML XLSX documents, enabling remote code execution via a crafted file that accesses uninitialized memory. Affected soft...

9.3CVSS7.8AI score0.25692EPSS
CVE
CVE
added 2015/07/14 9:0 p.m.85 views

CVE-2015-2375

Microsoft Excel ASLR Bypass (CVE-2015-2375) affects Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, and Excel Services on SharePoint Server 2010 SP2/2013 SP1. Root cause: crafted spreadsheet allows bypassing ASLR protection, enabling potential memory-disclosure or downst...

4.3CVSS6.4AI score0.13995EPSS
Total number of security vulnerabilities446