446 matches found
CVE-2017-8501
CVE-2017-8501 is described across connected CNVD/OpenVAS entries as a memory corruption vulnerability in Microsoft Office components (notably Word/Excel/SharePoint) that can be triggered by specially crafted files to yield remote code execution or DoS under the current user. The root cause cited ...
CVE-2018-8597
CVE-2018-8597 is a remote code execution vulnerability in Microsoft Excel/Office where improper handling of in-memory objects can allow arbitrary code execution in the context of the current user. Exploitation typically requires a user to open a specially crafted file, and affects Excel component...
CVE-2015-6038
CVE-2015-6038 affects Microsoft Office products including Excel 2007/2010/2013/2016 (Windows and Mac) and related components, as well as Excel Services on SharePoint Server and Office viewers. The vulnerability stems from memory corruption triggered by specially crafted Office documents, enabling...
CVE-2016-7265
CVE-2016-7265 affects Microsoft Office components (notably Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3/2010 SP2). The vulnerability is described as an information disclosure via an out-of-boun...
CVE-2021-27054
CVE-2021-27054 is a Microsoft Excel remote code execution vulnerability documenting RCE in Excel/Office components. Public sources in connected docs reference March 2021 security updates for Office/Excel products (C2R deployments for March 2021; macOS and Office 2010/2019 variants) as the fix con...
CVE-2007-0671
CVE-2007-0671 is a remote-code-execution vulnerability in Microsoft Office Excel (affecting Excel 2000/XP/2003 and Mac equivalents) where a specially crafted Excel file can trigger arbitrary code execution. The vulnerability arises from improper handling/parsing of office records, enabling remote...
CVE-2009-0238
CVE-2009-0238 corresponds to a remote code execution vulnerability in Microsoft Office Excel and related components (Excel Viewer, Compatibility Pack, and Mac variants) triggered by opening a crafted Excel document that causes an invalid object access. The issue manifests as memory/code execution...
CVE-2025-47165
CVE-2025-47165 is a Microsoft Excel/Office remote code execution vulnerability attributed to a use-after-free in Excel. Connected sources describe an attacker leveraging a crafted DOCM delivery to compel a user to execute code, enabling local RCE. The CVE is tracked in Microsoft’s June 2025 secur...
CVE-2018-0907
CVE-2018-0907 is a security feature bypass in Microsoft Excel/Office products caused by how macro settings are enforced. Affected: Excel 2007 SP3, 2010 SP2, 2013 SP1, 2016, and Office 2016 for Mac, including Office 2016 Click-to-Run. Core issue: bypasses to macro security controls (security featu...
CVE-2024-49028
CVE-2024-49028 is a Microsoft Excel remote code execution vulnerability. Related sources confirm Excel components are affected and describe a need for security updates (e.g., November 2024 Excel security updates, KB5002653) to remediate. The issue is tied to the Office/Excel suite and is addresse...
CVE-2024-49030
CVE-2024-49030 is a Microsoft Excel Remote Code Execution vulnerability affecting Excel 2016 and related Office Excel components. Public advisories (CNVD/NCSC/MSRC) describe a vulnerability in Excel that could enable arbitrary code execution when a crafted file is opened, with a heap/remote-code-...
CVE-2016-0136
CVE-2016-0136 affects Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3/2010 SP2. The root cause is memory corruption from improper handling of objects in memory, enabling remote code execution when a crafted Office document ...
CVE-2016-3359
CVE-2016-3359 affects Microsoft Office components (Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Viewer). The issue is a memory corruption vulnerability in Office that allows remote code execution via a crafted document. The CVE entry’s linked sources (NVD/NVD-variant and r...
CVE-2025-30377
CVE-2025-30377 is a Use-After-Free vulnerability in Microsoft Office that can lead to local code execution. Affected products span Microsoft Office components (Office 2016/2019/2021/365 families and related Office applications) with the root cause described as a use-after-free condition allowing ...
CVE-2011-0098
CVE-2011-0098 corresponds to a remote code execution vulnerability in Microsoft Office Excel. The issue is a buffer/heap overflow in parsing the Label record (Excel file format), allowing remote attackers to run arbitrary code by convincing a user to open a malicious XLS file. Affected products i...
CVE-2015-2423
CVE-2015-2423 is an “Unsafe Command Line Parameter Passing” vulnerability affecting a broad set of Windows OS versions (Vista through Windows 10) and Office apps (2007–2013) where a crafted command-line parameter to an Office app or Notepad can elevate from Low to Medium Integrity and disclose se...
CVE-2016-0139
CVE-2016-0139 is a memory corruption vulnerability in Microsoft Office products (Excel 2010 SP2, Word for Mac 2011, Excel Viewer) that enables remote code execution when a crafted Office document is opened. Multiple connected sources confirm it stems from improper handling of objects in memory, a...
CVE-2018-8598
CVE-2018-8598 is an information disclosure vulnerability in Microsoft Excel where memory contents can be exposed. Affected products include Office 365 ProPlus, Microsoft Office, and Microsoft Excel. The root cause is that Excel improperly discloses its memory contents. According to the provided d...
CVE-2021-24068
CVE-2021-24068 is a Microsoft Excel remote code execution vulnerability. Publicly documented details in connected sources confirm Excel/RCE context and indicate affected Office products and versions addressed by security updates. Notable remediation: Microsoft security updates KB4493211 (Excel 20...
CVE-2010-1245
CVE-2010-1245 is a remote code execution vulnerability in Microsoft Office Excel involving a malformed SxView record that could be triggered by opening a crafted Excel file. Affected products include Excel 2002 SP3, Excel 2004 for Mac, Excel 2008 for Mac, and the Open XML File Format Converter fo...
CVE-2015-2376
CVE-2015-2376 affects multiple Microsoft Office components (Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1/RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3/2010 SP2/2013 SP1). The vulnerability is a memory corrupti...
CVE-2010-1248
CVE-2010-1248 affects Microsoft Office Excel 2002 SP3 (and Excel 2004 for Mac) due to parsing errors in HFPicture and WOPT records, causing heap/buffer memory corruption and potential remote code execution. The vulnerability arises when opening specially crafted Excel files containing malformed H...
CVE-2015-1682
Microsoft Office Multiple Remote Code Execution Vulnerabilities (CVE-2015-1682) affect Office/SharePoint components across Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, Word/Excel/PowerPoint/SharePoint-related services, etc. Root cause: memory corruption triggered by processing a crafted...
CVE-2016-7236
CVE-2016-7236 affects Microsoft Office components, notably Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2. The root cause is a memory handling flaw that allows remote code execution when a user opens a specially crafted Office document, wi...
CVE-2018-1011
CVE-2018-1027/1029/1011 describe a remote code execution in Microsoft Excel when Excel improperly handles in-memory objects. Affected: Microsoft Excel (and Office components in some entries). Root cause: incorrect handling of objects in memory leading to memory corruption that enables code execut...
CVE-2009-3127
CVE-2009-3127 (Excel Cache Memory Corruption) is a remote code execution vulnerability in Microsoft Office Excel variants: Excel 2002 SP3, 2003 SP3, 2004/2008 for Mac, Open XML File Format Converter for Mac, and Excel Viewer 2003 SP3. It stems from improper parsing of the Excel file format, allow...
CVE-2010-0257
CVE-2010-0257 is a remote code execution vulnerability in Microsoft Excel 2002 SP3 and Excel XP related to memory corruption when processing EntExU2 records in a crafted Excel file. Exploitation could allow an attacker to take full control of the affected system by convincing a user to open a mal...
CVE-2016-3362
CVE-2016-3362 and CVE-2016-3365 are memory‑corruption vulnerabilities in Microsoft Office components (notably Excel across multiple versions and Office/SharePoint services) that allow remote code execution via a crafted document. The root cause is memory handling flaws in Office components when p...
CVE-2017-8502
CVE-2017-8502 is a Microsoft Office memory corruption vulnerability described in connected CNVD entries as affecting Office components (e.g., Word/Excel/PowerPoint) through improper handling of objects in memory. A remote attacker can trigger a vulnerability by luring a user to open a specially c...
CVE-2020-17066
Mode C CVE-2020-17066 affects Microsoft Excel (Office). The connected sources confirm a Remote Code Execution vulnerability in Excel, with Microsoft’s advisory and related security updates addressing CVE-2020-17066 among a set of Excel-related CVEs. The CVSS data present in the documents indicate...
CVE-2015-2521
CVE-2015-2521 is a memory corruption vulnerability in Microsoft Office components (Excel 2007 SP3/2010 SP2, Office Compatibility Pack, Excel Viewer) that allows remote code execution when processing specially crafted Office documents. Public sources confirm in-the-wild exploitation for this famil...
CVE-2015-2523
CVE-2015-2523 describes a memory corruption vulnerability in Microsoft Office components (notably Excel 2007 SP3, 2010 SP2, 2013 SP1/RT SP1, Mac 2011/2016, Office Compatibility Pack SP3, and Excel Viewer) that allows remote code execution when processing crafted Office documents. The root cause i...
CVE-2025-24082
CVE-2025-24082 is a Microsoft Excel remote code execution vulnerability described as a use-after-free in Excel that can allow a local attacker to run arbitrary code. The CVE is confirmed by Microsoft’s MSRC entry (Microsoft Excel Remote Code Execution Vulnerability) and is referenced alongside re...
CVE-2025-21394
CVE-2025-21394 is a Microsoft Excel remote code execution vulnerability affecting Excel/Office components. Exploitation requires a user to open a crafted file and can lead to total compromise per the published CVSS: Local access, user interaction required, high impact. Remediation provided via Fe...
CVE-2025-24075
Summary : CVE-2025-24075 is a stack-based buffer overflow in Microsoft Excel (Office) that allows local code execution. The vulnerability affects Excel components handling data/files and can lead to arbitrary code execution in the caller’s context when exploited locally with user interaction. Imp...
CVE-2015-6094
Summary (CVE-2015-6094) A memory corruption vulnerability in Microsoft Office components (notably Excel) that could allow remote code execution when processing a specially crafted Office document. Affected products include Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for M...
CVE-2018-1027
Microsoft Excel/Office are affected by CVE-2018-1027, a remote code execution vulnerability caused by improper handling of in-memory objects. The issue affects Excel and Office suites, enabling potential code execution when loaded with crafted data. CVSS references show a high-severity impact (C ...
CVE-2018-8246
CVE-2018-8246 affects Microsoft Excel and related Office components. The connected advisories describe an information-disclosure vulnerability caused by the inclusion of uninitialized memory when processing parsed expressions in FORMULA records within Excel workbooks, allowing disclosure of sensi...
CVE-2016-7229
CVE-2016-7229 is a memory corruption vulnerability in Microsoft Office/Excel affecting multiple Office versions (including Excel 2007/2010/2013/2016 and Mac variants) that allows remote code execution via a crafted Office document. The issue stems from improper handling of objects in memory, enab...
CVE-2018-8375
CVE-2018-8375 is a remote code execution vulnerability in Microsoft Excel family (Excel, Excel Viewer, Office) caused by improper handling of in-memory objects. The CVE affects Excel-related products and is characterized by a high-impact, possible remote code execution with local attack vector, r...
CVE-2025-32704
CVE-2025-32704 is a Microsoft Excel remote code execution vulnerability caused by a buffer over-read in Excel. The issue allows a local attacker to run arbitrary code on the affected system; CVSS indicates high impact with local access and no user interaction required in at least one metric set. ...
CVE-2004-0846
Microsoft Excel is affected by CVE-2004-0846 due to a buffer overflow from improper validation of certain records/parameters in Excel files. The vulnerability affects Excel 2000, Excel 2002, Excel 2001 for Mac, and Excel v.X for Mac; Excel 2004 for Mac and Office 2003/XP SP3 are not affected. An ...
CVE-2011-0980
CVE-2011-0980 corresponds to a memory corruption flaw in Microsoft Office that arises when parsing Office Art objects, enabling remote code execution via a crafted file. It affects Excel/Office components across Windows and Mac builds listed in the initial document (Excel 2002/2003, Office for Ma...
CVE-2015-2378
CVE-2015-2378 is an Untrusted Search Path vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 SP3, and Office Compatibility Pack SP3. The root cause is DLL loading from the current working directory (Trojan horse DLL) that enables local privilege elevation. Documents indi...
CVE-2015-6122
CVE-2015-6122 is part of the MS15-131 memory corruption family affecting multiple Microsoft Office products. The connected Nessus plugin (MS15-131) links CVE-2015-6122 to remote code execution via crafted Office documents, with Mac OS X Office versions (MACOSX_MS15-131_OFFICE.NASL) and Office for...
CVE-2008-4019
CVE-2008-4019 is an integer overflow in Excel’s REPT function used when parsing a formula within a cell, affecting multiple Windows and Mac Excel versions (e.g., 2000 SP3, 2002 SP3, 2003 SP2/SP3, 2007 Gold/SP1) and related viewers/compat packs. The vulnerability allows remote code execution if a ...
CVE-2016-3363
CVE-2016-3363 affects Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer. The vulnerability is a memory-corruption flaw triggered by a crafted document, enabling remote code execution with the attacker gaining t...
CVE-2018-8636
CVE-2018-8636 is a remote code execution vulnerability in Microsoft Excel (and related Office components) caused by improper handling of memory objects. Affected products include Office 365 ProPlus, Microsoft Office, and Microsoft Excel. The underlying issue is failure to properly manage in-memor...
CVE-2010-0263
CVE-2010-0263 concerns Microsoft Office Excel XLSX File Parsing Code Execution. The vulnerability arises from insufficient validation of ZIP headers during decompression of Open XML XLSX documents, enabling remote code execution via a crafted file that accesses uninitialized memory. Affected soft...
CVE-2015-2375
Microsoft Excel ASLR Bypass (CVE-2015-2375) affects Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, and Excel Services on SharePoint Server 2010 SP2/2013 SP1. Root cause: crafted spreadsheet allows bypassing ASLR protection, enabling potential memory-disclosure or downst...