Lucene search
+L
MicrosoftExcel

446 matches found

CVE
CVE
added 2011/02/10 6:0 p.m.85 views

CVE-2011-0979

CVE-2011-0979 affects Microsoft Excel and related Office components (including Mac versions) where errors parsing Office Art records in Excel spreadsheets allow remote code execution via a malformed object record (stray reference). Root cause is improper error handling during parsing of Office Ar...

9.3CVSS7.5AI score0.26523EPSS
CVE
CVE
added 2015/07/14 9:0 p.m.85 views

CVE-2015-2375

Microsoft Excel ASLR Bypass (CVE-2015-2375) affects Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, and Excel Services on SharePoint Server 2010 SP2/2013 SP1. Root cause: crafted spreadsheet allows bypassing ASLR protection, enabling potential memory-disclosure or downst...

4.3CVSS6.4AI score0.13995EPSS
CVE
CVE
added 2016/02/10 11:0 a.m.85 views

CVE-2016-0054

CVE-2016-0054 affects multiple Microsoft Office components (notably Excel across Windows and macOS, including Office viewers/SharePoint services). The underlying issue is memory corruption triggered by processing a crafted Office document, enabling remote code execution. Public references describ...

9.3CVSS7.7AI score0.16074EPSS
CVE
CVE
added 2016/07/13 1:0 a.m.85 views

CVE-2016-3284

CVE-2016-3284 affects Microsoft Excel components across numerous products (Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016; Excel for Mac 2011/2016; Office Compatibility Pack SP3; Excel Viewer). Root cause is memory corruption when processing crafted Office documents, enabling remote code e...

9.3CVSS7.6AI score0.19641EPSS
CVE
CVE
added 2016/09/14 10:0 a.m.85 views

CVE-2016-3365

CVE-2016-3365 is a Microsoft Office memory corruption vulnerability affecting Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Exc...

9.3CVSS7.6AI score0.19867EPSS
CVE
CVE
added 2018/05/09 7:0 p.m.85 views

CVE-2018-8148

CVE-2018-8148 is a remote code execution vulnerability in Microsoft Excel (Office) arising from improper handling of in-memory objects. The issue affects Microsoft Office/Excel and is part of a set including CVE-2018-8147 and CVE-2018-8162; the connected MAC/Office 2018 May 2018 update entry refe...

9.3CVSS7.9AI score0.24494EPSS
CVE
CVE
added 2015/12/09 11:0 a.m.84 views

CVE-2015-6040

CVE-2015-6040 is a memory corruption vulnerability in Microsoft Office components (Excel 2007/2010, Excel for Mac 2011/2016, Office Compatibility Pack, Excel Viewer) that can be exploited remotely by a crafted Office document to execute arbitrary code. Root cause: improper handling of memory obje...

9.3CVSS7.5AI score0.13601EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.84 views

CVE-2018-0920

CVE-2018-0920 is part of a family of Microsoft Excel remote code execution vulnerabilities described across multiple CVEs (e.g., CVE-2018-1027, CVE-2018-1011, CVE-2018-1029). The connected documents indicate the issue affects Microsoft Excel (and related Office components) and arises when the app...

9.3CVSS7.7AI score0.21001EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.84 views

CVE-2018-1029

Microsoft Excel remote code execution vulnerability exists due to improper handling of objects in memory, affecting Microsoft Excel, Excel Viewer, and Microsoft Office. The CVE-2018-1029 entry aligns with related CVEs (1027, 1011, 0920) and cites a memory-object handling flaw as the cause. The do...

9.3CVSS7.7AI score0.20878EPSS
CVE
CVE
added 2018/09/13 12:0 a.m.84 views

CVE-2018-8429

CVE-2018-8429 is an information disclosure vulnerability in Microsoft Excel and related components (Excel Viewer, Office). The underlying issue is that Excel may disclose memory contents. Affected products include Excel 2010 SP2, 2016 (KB4092460), Office compatibility pack, and related Excel/Offi...

5.5CVSS5AI score0.12255EPSS
CVE
CVE
added 2008/10/15 12:0 a.m.83 views

CVE-2008-3471

CVE-2008-3471 is a stack-based buffer overflow in Microsoft Excel’s BIFF file format parsing, triggered by a malformed record in a .xls file. Affected products include Excel 2000 SP3, 2002 SP3, 2003 SP2/SP3, 2007 Gold/SP1, Excel Viewer (2003 SP3) and related Mac components, as well as the Open XM...

9.3CVSS7.8AI score0.52318EPSS
CVE
CVE
added 2010/06/08 8:0 p.m.83 views

CVE-2010-1249

CVE-2010-1249 is a memory corruption vulnerability in Microsoft Office Excel related to processing malformed ExternalName (record type 0x23) in Excel files, enabling remote code execution when a user opens a crafted file. Affected products per the CVE entry and linked advisories include Excel 200...

9.3CVSS7.8AI score0.24781EPSS
CVE
CVE
added 2012/11/14 12:0 a.m.83 views

CVE-2012-1886

Summary: CVE-2012-1886 affects Microsoft Office Excel and related components. The vulnerability is triggered by a crafted spreadsheet that can cause memory corruption, enabling remote code execution or a denial of service. Affected products (as documented): Excel 2003 SP3; Excel 2007 SP2/SP3; Exc...

9.3CVSS7.6AI score0.21769EPSS
CVE
CVE
added 2015/07/14 9:0 p.m.83 views

CVE-2015-2377

CVE-2015-2377 affects Microsoft Office components (Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3) and is caused by memory corruption when parsing crafted Office documents, enabling remote code execution or a denial of service. Multiple connec...

9.3CVSS7.7AI score0.13601EPSS
CVE
CVE
added 2016/01/13 2:0 a.m.83 views

CVE-2016-0035

CVE-2016-0035 affects Microsoft Office components (notably Excel across Windows and Mac variants, plus Office Compatibility Pack and Excel Viewer) and is described as a memory corruption vulnerability that allows remote code execution when processing specially crafted Office documents. The root c...

9.3CVSS7.7AI score0.22688EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.83 views

CVE-2016-7231

CVE-2016-7231 affects Microsoft Office components: Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer. Root cause is memory corruption from improper handling of objects in memory, enabling remote code execution when processing a crafted Office document. Affected p...

9.3CVSS7.6AI score0.18664EPSS
CVE
CVE
added 2008/03/11 11:0 p.m.82 views

CVE-2008-0115

CVE-2008-0115 : A remote-code-execution vulnerability in Microsoft Excel’s Formula Parsing affects Excel 2000 SP3–2007, Excel Viewer 2003, the Office Compatibility Pack, and Office for Mac 2004. The issue arises from improper handling of malformed formulas, allowing a user-assisted attacker to tr...

9.3CVSS9.7AI score0.39333EPSS
CVE
CVE
added 2009/11/11 7:0 p.m.82 views

CVE-2009-3128

CVE-2009-3128 describes a remote code execution vulnerability in Microsoft Office Excel via a malformed SxView record in Excel files. Affects Excel 2002 SP3, Excel 2003 SP3, and Excel Viewer 2003 SP3; exploitation leads to arbitrary code execution with the attacker gaining the user’s privileges. ...

9.3CVSS7.3AI score0.24879EPSS
CVE
CVE
added 2009/11/11 8:0 p.m.82 views

CVE-2009-3132

CVE-2009-3132 is the Excel Index Parsing Vulnerability: a remote-code-execution flaw in Microsoft Office Excel where pointer corruption occurs while parsing Excel formulas/indices in affected Office Excel versions (Excel 2002 SP3, 2003 SP3, 2007 SP1/SP2, plus Mac variants and viewers). A crafted ...

9.3CVSS7.4AI score0.25883EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.82 views

CVE-2010-3232

CVE-2010-3232 covers multiple Microsoft Office Excel-related parsing flaws: Excel record parsing vulnerabilities that allow remote code execution when opening specially crafted Excel files. The root cause is improper validation/handling of record information in the Excel file format, leading to m...

9.3CVSS7.6AI score0.21413EPSS
CVE
CVE
added 2025/02/11 5:58 p.m.82 views

CVE-2025-21383

CVE-2025-21383 is an Microsoft Excel information-disclosure vulnerability affecting Office/Excel. The available sources (MSRC MS-Office security guidance, NC SC advisories, and related update notes) confirm Excel-specific information disclosure with potential access to sensitive data. Exploitatio...

7.8CVSS7.5AI score0.00988EPSS
CVE
CVE
added 2010/03/10 10:0 p.m.81 views

CVE-2010-0262

CVE-2010-0262 describes a remote code execution vulnerability in Microsoft Office Excel stemming from an uninitialized memory access in the FNGROUPNAME record during parsing of Excel files. The issue could let an attacker execute arbitrary code with the privileges of the user who opens a crafted ...

9.3CVSS7.7AI score0.21256EPSS
CVE
CVE
added 2011/06/16 8:21 p.m.81 views

CVE-2011-1272

Summary (CVE-2011-1272) : This vulnerability affects Microsoft Excel and related components (Excel 2002 SP3, 2003 SP3, 2007 SP2; Office 2004/2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack SP2) and is caused by improper validation of record struct...

9.3CVSS7.5AI score0.17592EPSS
CVE
CVE
added 2012/05/09 12:0 a.m.81 views

CVE-2012-0185

CVE-2012-0185 is a heap-based buffer overflow affecting Microsoft Excel 2007 SP2/SP3, Excel 2010 Gold/SP1, Excel Viewer, and Office Compatibility Pack SP2/SP3 . The vulnerability arises from inefficient/incorrect memory handling during opening of crafted spreadsheets , specifically related to the...

9.3CVSS8AI score0.24628EPSS
CVE
CVE
added 2015/03/11 10:0 a.m.81 views

CVE-2015-0097

CVE-2015-0097 is an Office Local Zone Remote Code Execution vulnerability affecting Microsoft Office 2007 SP3 and Office 2010 SP2 (Word/Excel/PowerPoint). The root cause is improper handling of crafted Office documents that are processed in the HTML context of the local machine zone, allowing an ...

9.3CVSS7.9AI score0.40942EPSS
CVE
CVE
added 2016/09/14 10:0 a.m.81 views

CVE-2016-3381

Microsoft Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, Office Compatibility Pack SP3, and Excel Viewer are affected by CVE-2016-3381, a memory-corruption vulnerability in Office components that allows remote code execution via a crafted document. The CNVD entry corroborates a remote att...

9.3CVSS7.6AI score0.14969EPSS
CVE
CVE
added 2018/08/15 5:0 p.m.81 views

CVE-2018-8382

CVE-2018-8382 is an information-disclosure vulnerability in Microsoft Excel family. Connected advisories attribute the root cause to a missing length verification during parsing of workbook streams, enabling a remote attacker to obtain sensitive memory contents. Affected products include Microsof...

5.5CVSS5.5AI score0.12255EPSS
CVE
CVE
added 2024/11/12 5:54 p.m.81 views

CVE-2024-49029

CVE-2024-49029 : Microsoft Excel Remote Code Execution vulnerability observed in multiple sources. Affected product: Microsoft Excel (Office 2016/MCU context). Reported fix: security update KB5002653 for Excel 2016 (MSKB), which addresses several CVEs including CVE-2024-49029; notes that the MSI-...

7.8CVSS7.9AI score0.00736EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.80 views

CVE-1999-0717

Microsoft Excel 97 is affected by CVE-1999-0717, enabling a remote attacker to disable the virus warning mechanism. Connected documents confirm the product and impact but do not provide root-cause details, affected subcomponents/versions beyond Excel 97, exploitation status, or remediation steps.

2.6CVSS7AI score0.05843EPSS
CVE
CVE
added 2012/11/14 12:0 a.m.80 views

CVE-2012-1887

CVE-2012-1887 is a use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2/SP3, 2010 SP1, and Office for Mac 2008/2011, exploitable via a crafted spreadsheet to achieve remote code execution. The underlying issue is a use-after-free in handling an Excel SST Invalid Length condition. Af...

9.3CVSS7.5AI score0.25099EPSS
CVE
CVE
added 2015/10/14 1:0 a.m.80 views

CVE-2015-2558

CVE-2015-2558 is a use-after-free memory corruption vulnerability in Microsoft Office components (e.g., Excel 2007 SP3, 2010 SP2, 2013 SP1/RT SP1, 2016; Office for Mac 2011/2016; Excel Services on SharePoint Server 2007 SP3/2010 SP2/2013 SP1) that allows remote code execution via a long fileVersi...

9.3CVSS7.5AI score0.20151EPSS
CVE
CVE
added 2016/12/20 5:54 a.m.80 views

CVE-2016-7267

CVE-2016-7267 affects Microsoft Excel across multiple versions: 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016. The root cause is misparsing of file formats, described as a security feature bypass vulnerability in Office that can lead to remote code execution when a user opens a crafted document. The ...

5.5CVSS6.8AI score0.19414EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.79 views

CVE-2002-0152

The CVE-2002-0152 entry concerns a buffer overflow in Macintosh builds of several Microsoft applications. The vulnerability is triggered by the file:// directive when a large number of slashes (/) is supplied, allowing remote attackers to crash the affected applications or potentially execute arb...

7.5CVSS8.3AI score0.1737EPSS
CVE
CVE
added 2009/11/11 8:0 p.m.79 views

CVE-2009-3134

CVE-2009-3134 is the Excel Field Sanitization Vulnerability. It affects Microsoft Office Excel components across Windows and Mac platforms listed in the entries, including Excel 2002 SP3, 2003 SP3, 2007 SP1/SP2, Office 2004/2008 for Mac, Open XML Converter for Mac, Excel Viewer SKUs, and the Offi...

9.3CVSS7.4AI score0.25777EPSS
CVE
CVE
added 2010/06/08 8:0 p.m.79 views

CVE-2010-1250

CVE-2010-1250 is a remote code execution vulnerability in Microsoft Office Excel, caused by a heap overflow when parsing malformed EDG (0x88) and Publisher (0x89) records. Affects Excel 2002 SP3, Excel for Mac (2004, 2008), and Open XML File Format Converter for Mac. Microsoft MS10-038 addresses ...

9.3CVSS8.1AI score0.23843EPSS
CVE
CVE
added 2018/05/09 7:0 p.m.79 views

CVE-2018-8162

CVE-2018-8162 is a remote code execution vulnerability in Microsoft Excel/Office where improper handling of in-memory objects can allow code execution. Affected products include Microsoft Excel (Office) across platforms; the vulnerability is triggered by memory handling flaws in Excel and require...

9.3CVSS7.9AI score0.24494EPSS
CVE
CVE
added 2025/02/11 5:58 p.m.79 views

CVE-2025-21390

CVE-2025-21390 corresponds to a Microsoft Excel remote code execution vulnerability. The issue affects Excel components in Office, with the root cause described as a code execution flaw in the Excel-related files (e.g., Excel.exe and related XLL/addin components) that could let an attacker run ar...

7.8CVSS7.9AI score0.0082EPSS
CVE
CVE
added 2025/05/13 4:58 p.m.79 views

CVE-2025-30379

CVE-2025-30379 is a Microsoft Excel/Office vulnerability described as a release of an invalid pointer or reference in Excel that allows an attacker to execute code locally. Public references (MSRC advisory and CVE records) corroborate Excel as the affected component and confirm a local code execu...

7.8CVSS7.5AI score0.00464EPSS
CVE
CVE
added 2007/03/03 7:0 p.m.78 views

CVE-2007-1239

Microsoft Excel 2003 contains a vulnerability in parsing .XLS files; a file with corrupted XML format or corrupted XLS format triggers a NULL pointer dereference, allowing remote attackers to cause a denial-of-service (application crash). The affected component is Excel’s workbook parsing for XLS...

4.3CVSS6.6AI score0.11611EPSS
CVE
CVE
added 2011/06/16 8:21 p.m.78 views

CVE-2011-1275

CVE-2011-1275 affects Microsoft Excel components across Windows/macOS environments (Excel 2002 SP3; Office 2004/2008/2011 for Mac; Open XML File Format Converter for Mac). The issue arises from improper validation of record information during Excel file parsing, causing a memory handling error th...

9.3CVSS7.7AI score0.1332EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.78 views

CVE-2016-7228

CVE-2016-7228 affects Microsoft Office family (Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016; Office for Mac 2011/2016; Office Compatibility Pack SP3). Description: memory corruption in Office components allows remote code execution when a user opens a crafted Office document. Impact per ...

9.3CVSS7.6AI score0.28282EPSS
CVE
CVE
added 2006/07/07 6:0 p.m.77 views

CVE-2006-3431

CVE-2006-3431 describes a remote code execution vulnerability in Microsoft Excel related to the handling of the STYLE record in various Asian-language Excel versions. The flaw is a stack-based buffer overflow triggered when parsing a crafted spreadsheet, potentially allowing code execution if a u...

7.5CVSS7.4AI score0.2832EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.77 views

CVE-2010-3230

The CVE-2010-3230 entry relates to an integer overflow in Microsoft Excel 2002 SP3 while parsing crafted record information, enabling remote code execution via a specially crafted Excel file. Affected software in the linked advisories includes Excel 2002 SP3 and related Excel formats across Offic...

9.3CVSS7.8AI score0.20486EPSS
CVE
CVE
added 2011/02/10 6:0 p.m.77 views

CVE-2011-0977

CVE-2011-0977 is a use-after-free in Microsoft Office’s handling of graphic objects within Office drawing data, enabling remote code execution. Affected products include Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004/2008 for Mac, and the Open XML File Format Converter for Mac. The ...

9.3CVSS7.6AI score0.32172EPSS
CVE
CVE
added 2006/06/22 12:0 a.m.76 views

CVE-2006-3014

CVE-2006-3014 affects Microsoft Excel where embedding a Shockwave Flash Player ActiveX Object inside an XLS can automatically execute, enabling user-assisted arbitrary JavaScript execution and redirection when the spreadsheet is opened. According to SUSE and CPAI advisories, the issue originates ...

5.1CVSS7.2AI score0.30101EPSS
CVE
CVE
added 2010/06/08 8:0 p.m.76 views

CVE-2010-1247

CVE-2010-1247 is an Excel RealTimeData Record Heap Corruption vulnerability in Microsoft Office Excel (notably Excel 2002 SP3) triggered by a malformed RealTimeData/RTD record that enables remote code execution. Public documentation also notes related Excel memory corruption CVEs (e.g., 2010-1249...

9.3CVSS7.5AI score0.22392EPSS
CVE
CVE
added 2015/12/09 11:0 a.m.76 views

CVE-2015-6177

CVE-2015-6177 is a remote code execution memory-corruption vulnerability in Microsoft Office components. A crafted Office document can trigger arbitrary code execution in Excel 2007 SP3, Office Compatibility Pack SP3, or Excel Viewer by abusing how Office handles objects in memory during document...

9.3CVSS7.5AI score0.13601EPSS
CVE
CVE
added 2006/03/14 11:0 p.m.75 views

CVE-2006-0030

CVE-2006-0030 affects Microsoft Excel 2000, 2002, and 2003 via a memory corruption vulnerability in malformed graphics within Excel data files. An attacker could trigger remote code execution by having a user open a specially crafted Excel file containing a malformed graphic; impact is memory cor...

5.1CVSS7.2AI score0.39593EPSS
CVE
CVE
added 2006/07/13 9:0 p.m.75 views

CVE-2006-2388

Summary: CVE-2006-2388 is a remote code execution vulnerability in Microsoft Office Excel (2000–2004) caused by a flaw when Excel rebuilds metadata after processing malformed cell comments. An attacker must lure a user into opening a crafted .XLS file, which could allow code execution with the cu...

9.3CVSS7.2AI score0.10784EPSS
CVE
CVE
added 2015/07/14 9:0 p.m.75 views

CVE-2015-2415

CVE-2015-2415 affects Microsoft Office components (Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3). The root cause is memory corruption when parsing crafted Office documents, enabling remote code execution or a denial of service. The advisory ...

9.3CVSS7.7AI score0.13601EPSS
Total number of security vulnerabilities446