Lucene search
+L
MicrosoftExcel

446 matches found

CVE
CVE
added 2014/12/11 12:0 a.m.68 views

CVE-2014-6361

Microsoft Excel vulnerabilities CVE-2014-6361/6360-6361 affect Excel 2007 SP3, 2010 SP2, 2013 Gold/SP1, 2013 RT/RT SP1 and Office Compatibility Pack. The issue is a memory-corruption remote-code-execution flaw triggered by parsing crafted Office documents, enabling arbitrary code execution when a...

9.3CVSS8.8AI score0.13352EPSS
CVE
CVE
added 2025/05/13 4:58 p.m.68 views

CVE-2025-30375

CVE-2025-30375 affects Microsoft Excel (Office family). The vulnerability arises from a type confusion in Excel’s resource handling, enabling an attacker to achieve local code execution. Impact is described as remote/local execution with high severity; attack vector is local with user interaction...

7.8CVSS7.5AI score0.00498EPSS
CVE
CVE
added 2007/01/09 11:0 p.m.67 views

CVE-2007-0028

CVE-2007-0028 affects multiple Excel variants: Excel 2000, 2002, 2003, Excel Viewer 2003, Office 2004 for Mac, and Office v.X for Mac. The vulnerability stems from improper handling of certain opcodes during Excel file parsing, which can corrupt memory and allow user‑assisted remote attackers to ...

9.3CVSS7.4AI score0.32981EPSS
CVE
CVE
added 2007/05/08 10:0 p.m.67 views

CVE-2007-1214

The CVE-2007-1214 issue affects Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac. It is a memory corruption/remote code execution vulnerability in the handling of Excel BIFF8 AutoFilter records; a crafted XLS file can trigger the flaw. Attack vector involves a user-open...

6.8CVSS7.3AI score0.28478EPSS
CVE
CVE
added 2008/03/11 11:0 p.m.67 views

CVE-2008-0117

CVE-2008-0117 refers to a remote code execution vulnerability in Microsoft Excel related to crafted conditional formatting values. Affected are Excel 2000 SP3, Excel 2002 SP2, and Office for Mac 2004/2008. Exploitation requires a user to open a specially crafted file, enabling arbitrary code exec...

9.3CVSS9.6AI score0.33362EPSS
CVE
CVE
added 2010/03/10 10:0 p.m.67 views

CVE-2010-0260

Microsoft Excel MDXTUPLE/MDXSET heap overflow vulnerabilities (CVE-2010-0260, part of MS10-017) affect Excel 2007 SP1/SP2, Excel Viewer SP1/SP2, and the Office Compatibility Pack for Word/Excel/PowerPoint 2007. The issue arises while parsing the MDXTUPLE/MDXSET records in workbook globals, enabli...

9.3CVSS7.9AI score0.23095EPSS
CVE
CVE
added 2010/06/08 8:0 p.m.67 views

CVE-2010-1251

CVE-2010-1251 corresponds to a remote code execution vulnerability in Microsoft Office Excel, specifically the Excel Record Stack Corruption vulnerability. Public sources in the connected set detail affected products including Excel 2002 SP3, Excel 2003/2002 line for Mac (Office 2004 for Mac) and...

9.3CVSS7.5AI score0.21221EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.67 views

CVE-2010-3242

CVE-2010-3242 is a Ghost Record Type Parsing vulnerability in Microsoft Excel components: Excel 2002 SP3, Office for Mac 2004 and 2008, and the Open XML File Format Converter for Mac. The issue arises from improper validation of record information during parsing Ghost records, leading to a memory...

9.3CVSS7.5AI score0.21413EPSS
CVE
CVE
added 2011/09/15 10:0 a.m.67 views

CVE-2011-1987

CVE-2011-1987 covers an out-of-bounds/integer-signing issue in Microsoft Excel and related Office components (Excel 2003 SP3, 2007 SP2, 2010 SP1, Office for Mac, Open XML Converter, Excel Viewer, and Office Compatibility Pack). The root cause is an array indexing vulnerability triggered by a craf...

9.3CVSS7.5AI score0.20486EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.67 views

CVE-2013-3159

CVE-2013-3159 stems from an XML External Entity (XXE) issue affecting Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1/SP2, as well as Excel Viewer and Microsoft Office Compatibility Pack SP3. The vulnerability enables a remote attacker to read arbitrary files by delivering an XML document contai...

4.3CVSS6.5AI score0.17381EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.66 views

CVE-2002-0618

CVE-2002-0618 affects Microsoft Excel 2000/2002 on Windows. The vulnerability stems from a flaw in the Macro Security Model that fails to detect HTML scripting within an Excel workbook containing an XSL stylesheet, allowing remote attackers to execute code in the Local Computer zone. Exploitation...

7.5CVSS7AI score0.14497EPSS
CVE
CVE
added 2006/10/10 10:0 p.m.66 views

CVE-2006-3867

CVE-2006-3867 is a remote code execution vulnerability in Microsoft Excel triggered when Excel handles a crafted Lotus 1-2-3 file. The issue affects Excel on Windows (2000, XP, 2003) and Excel Viewer 2003, as well as Excel for Mac (2004) and Office v.X for Mac. The root cause is improper parsing ...

5.1CVSS7.1AI score0.09321EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.66 views

CVE-2010-3240

CVE-2010-3240 describes a remote code execution vulnerability in Microsoft Office Excel and related components (Excel 2002 SP3, Excel 2007 SP2, Excel Viewer SP2, and Office Compatibility Pack SP2) caused by an error in parsing Real Time Data Array records. An attacker could exploit this by convin...

9.3CVSS7.5AI score0.21413EPSS
CVE
CVE
added 2011/06/16 8:21 p.m.66 views

CVE-2011-1277

CVE-2011-1277 affects Microsoft Excel 2002 SP3, Office 2008 for Mac, and the Open XML File Format Converter for Mac. The issue is due to improper validation of record information during Excel spreadsheet parsing, enabling a crafted file to cause remote code execution or memory corruption. The vul...

9.3CVSS7.7AI score0.16071EPSS
CVE
CVE
added 2011/09/15 10:0 a.m.66 views

CVE-2011-1990

CVE-2011-1990 affects Microsoft Excel 2007 SP2, Excel in Office 2007 SP2, Excel Viewer SP2, Office Compatibility Pack SP2, and Excel Services on Office SharePoint Server 2007 SP2. The vulnerability arises from improper validation of the sign of an unspecified array index, allowing remote code exe...

9.3CVSS7.5AI score0.20486EPSS
CVE
CVE
added 2014/12/11 12:0 a.m.66 views

CVE-2014-6360

CVE-2014-6360 affects Microsoft Office Excel 2007 SP3, Excel 2010 SP2, and the Office Compatibility Pack. The vulnerability arises from improper handling of objects in memory while parsing Office files, allowing a remote attacker to execute arbitrary code by convincing a user to open a specially ...

9.3CVSS8.8AI score0.13352EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.65 views

CVE-2000-0419

The Office 2000 UA ActiveX control is described as wrongly marked “safe for scripting.” This vulnerability allows an intruder to script interactions through the control’s Show Me feature, potentially disabling macro warnings and enabling arbitrary actions within Office applications (e.g., launchi...

7.5CVSS6.7AI score0.20999EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.65 views

CVE-2000-0765

CVE-2000-0765 describes a buffer overflow in the HTML interpreter of Microsoft Office 2000 . An attacker could trigger the overflow via a long embedded object tag in HTML, allowing execution of arbitrary commands. The sources provide the vulnerability description but do not specify affected versi...

5.1CVSS7.7AI score0.03993EPSS
CVE
CVE
added 2010/06/08 8:0 p.m.65 views

CVE-2010-0824

CVE-2010-0824 is one of multiple Excel memory‑corruption vulnerabilities in the MS10-038 family. It affects Microsoft Office Excel components when parsing the Excel file format, specifically via a malformed WOPT (0x80B) record that can enable remote code execution. Affected products include Excel...

9.3CVSS7.5AI score0.22392EPSS
CVE
CVE
added 2007/07/10 10:0 p.m.64 views

CVE-2007-1756

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 are affected by CVE-2007-1756 due to improper validation of version information, which can lead to memory corruption and remote code execution when a crafted Excel file is opened. The vulnerability is triggered by us...

9.3CVSS7.3AI score0.32046EPSS
CVE
CVE
added 2007/07/10 10:0 p.m.64 views

CVE-2007-3030

CVE-2007-3030 maps to a Workbook Memory Corruption vulnerability in Microsoft Excel affecting multiple products (Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer; also Mac OS X Excel 2004 per MS07-036). The issue arises when handling malformed Excel workbooks, leading to memory corruption that...

7.6CVSS7.3AI score0.25033EPSS
CVE
CVE
added 2010/03/10 10:0 p.m.64 views

CVE-2010-0261

Microsoft Excel MDXSET Record Heap Overflow (CVE-2010-0261) is a remote-code-execution vulnerability affecting Excel 2007 SP1/SP2 and the Office Compatibility Pack for Word/Excel/PowerPoint 2007 File Formats SP1/SP2. The issue stems from parsing an MDXSET record that is broken into multiple recor...

9.3CVSS7.9AI score0.23095EPSS
CVE
CVE
added 2012/10/25 10:0 a.m.64 views

CVE-2012-5672

CVE-2012-5672 affects Microsoft Excel Viewer (Xlview.exe) and Excel in Office 2007. A crafted .xls spreadsheet can trigger a read access violation, causing an application crash (denial of service). The description and connected sources consistently describe the issue as a DoS via a malformed Exce...

4.3CVSS6.7AI score0.12581EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.63 views

CVE-2002-0616

CVE-2002-0616 refers to the Excel Inline Macros vulnerability in Microsoft Excel 2000/2002 for Windows. The Macro Security Model allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook. Affected products are Excel 2000 and 2002 on Windows; the un...

5.1CVSS7.2AI score0.09723EPSS
CVE
CVE
added 2006/07/13 9:0 p.m.63 views

CVE-2006-1304

Microsoft Excel 2000–2003 contains a remote code execution vulnerability in the COLINFO record processing that can be triggered by a specially crafted .xls file. The underlying issue is a buffer overflow during a data filling operation, which could allow an attacker to execute arbitrary code with...

9.3CVSS7.4AI score0.10884EPSS
CVE
CVE
added 2006/07/13 10:0 p.m.63 views

CVE-2006-1308

CVE-2006-1308 is a remote code execution vulnerability in Microsoft Excel (2000–2004) caused by processing a malformed FNGROUPCOUNT value in an Excel file. The issue can be triggered when opening a specially crafted .xls, potentially allowing an attacker to execute arbitrary code in the security ...

9.3CVSS7.1AI score0.09278EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.63 views

CVE-2010-3236

CVE-2010-3236 – Out Of Bounds Array Vulnerability arises from Excel’s handling of certain records, allowing remote code execution if a user opens a specially crafted Excel file. Affected products listed across connected docs include Microsoft Excel 2002 SP3, Excel 2003 SP3, Microsoft Office 2004 ...

9.3CVSS7.6AI score0.21413EPSS
CVE
CVE
added 2003/04/03 5:0 a.m.62 views

CVE-2002-1143

Affected software: Microsoft Word and Microsoft Excel (Office suite). Vulnerability: information disclosure via field codes in Word (INCLUDETEXT) and external updates in Excel, allowing remote attackers to insert and exfiltrate local data when a document is returned to the attacker. Root cause: m...

5CVSS6.3AI score0.53564EPSS
CVE
CVE
added 2006/03/14 11:0 p.m.62 views

CVE-2006-0028

CVE-2006-0028 is a Microsoft Excel remote code execution vulnerability tied to malformed BIFF parsing format files that can corrupt memory and allow arbitrary code execution. Affected products include Excel 2000, 2002, and 2003 (and Office 2000 SP3 and related packages). Exploitation requires a u...

5.1CVSS7.1AI score0.16247EPSS
CVE
CVE
added 2016/09/14 10:0 a.m.62 views

CVE-2016-3361

CVE-2016-3361 is a memory corruption vulnerability in Microsoft Office Excel 2010 SP2. A crafted document can cause remote code execution by improperly handling objects in memory, enabling an attacker to run arbitrary code in the context of the current user. Remediation is available via the Micro...

9.3CVSS7.7AI score0.17466EPSS
CVE
CVE
added 2008/03/11 11:0 p.m.61 views

CVE-2008-0112

CVE-2008-0112 (Excel File Import Vulnerability) describes a remote code execution in Microsoft Excel 2000 SP3 and Office for Mac 2004/2008 triggered by importing a specially crafted SYLK (.slk) file. The underlying issue is improper validation/handling of SYLK data during import, allowing an atta...

9.3CVSS9.5AI score0.32235EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.61 views

CVE-2010-3231

CVE-2010-3231: Excel Record Parsing Memory Corruption Vulnerability. A remote-code-execution flaw in how Excel parses record information could allow code execution via a crafted Excel file. Affected: Excel on Mac (2004, 2008) and Open XML File Format Converter for Mac. Root cause: memory corrupti...

9.3CVSS7.6AI score0.20648EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.61 views

CVE-2010-3235

CVE-2010-3235 (Formula Biff Record Vulnerability) is a remote-code-execution flaw in Excel’s handling of formula information. The Microsoft Excel Formula Biff Record parsing path can be corrupted by specially crafted Excel files, enabling arbitrary code execution when opened by a user. Affected p...

9.3CVSS7.5AI score0.21413EPSS
CVE
CVE
added 2011/06/16 8:21 p.m.61 views

CVE-2011-1279

The CVE-2011-1279 issue affects Microsoft Excel 2002 SP3, 2003 SP3, Office 2004/2008 for Mac, and Open XML File Format Converter for Mac. Root cause is improper validation/parsing of record information in Excel files, leading to memory corruption that enables remote code execution or denial of se...

9.3CVSS7.7AI score0.16968EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.61 views

CVE-2026-44818

CVE-2026-44818 affects Microsoft Excel. A integer underflow (wrap/wraparound) in Excel is described as allowing an unauthorized attacker to execute code locally. The associated CVSS 3.1 vector indicates Local attack vector, high impact on confidentiality, integrity, and availability, with High pr...

7CVSS7.2AI score0.00263EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.60 views

CVE-2000-0597

The CVE-2000-0597 entry concerns Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97. The vulnerability arises because these products are marked as safe for scripting, enabling a remote attacker to coax Internet Explorer or some email clients to save files to arbitrary locations via th...

7.5CVSS7.1AI score0.12148EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.60 views

CVE-2001-0718

The CVE-2001-0718 issue affects Microsoft Excel and PowerPoint (across Windows and Macintosh releases up to 2002). Affected components are the macro handling/data stream processing; attackers can bypass macro restrictions by modifying the document data stream, enabling arbitrary code execution wh...

7.5CVSS7.3AI score0.11055EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.60 views

CVE-2002-0615

CVE-2002-0615 affects Windows Media Player 7.1 (and related Media Player versions) where the Windows Media Active Playlist stores data in a well-known local file path, enabling HTML script execution in the Local Computer zone. Connected documentation also references MS02-032 (patch 320920) that f...

7.5CVSS6.2AI score0.05615EPSS
CVE
CVE
added 2006/03/14 11:0 p.m.60 views

CVE-2006-0029

CVE-2006-0029 is a remote code execution vulnerability in Microsoft Excel affecting Excel 2000, 2002, and 2003 via a data file containing a malformed description that can corrupt memory. The Microsoft Security Bulletin MS06-012 provides fixes for this issue across affected Office/Excel versions (...

5.1CVSS7.2AI score0.14633EPSS
CVE
CVE
added 2006/07/13 9:0 p.m.60 views

CVE-2006-1306

CVE-2006-1306 is a Microsoft Excel remote code execution vulnerability in the Malformed OBJECT record. A crafted .xls file can cause an attacker-controlled function pointer to execute arbitrary code when opened, enabling code execution in the user’s context. The issue affects Office/Excel 2000–20...

9.3CVSS7.2AI score0.09278EPSS
CVE
CVE
added 2007/07/10 10:0 p.m.60 views

CVE-2007-3029

CVE-2007-3029 details (normal mode) : Affected software is Microsoft Excel 2002 SP3 and Excel 2003 SP2. The root cause is Excel’s insufficient data validation when processing the number of active worksheets (Worksheet Memory Corruption Vulnerability), which can lead to memory corruption. An attac...

9.3CVSS7.5AI score0.30914EPSS
CVE
CVE
added 2007/06/29 6:0 p.m.60 views

CVE-2007-3490

Microsoft Excel 2003 SP2 contains a memory corruption vulnerability in the way it parses hostile XLS sheet names (as demonstrated by 2670.xls). A remote attacker could exploit this by persuading a user to open a crafted XLS file, potentially allowing arbitrary code execution in the security conte...

7.5CVSS9.5AI score0.36551EPSS
CVE
CVE
added 2008/03/11 11:0 p.m.60 views

CVE-2008-0116

CVE-2008-0116 is a remote-code-execution vulnerability in Microsoft Excel’s handling of rich text values during memory loading. The issue affects Excel 2000 SP3–2003 SP2, Excel Viewer 2003, the Compatibility Pack, and Excel for Mac (2004/2008). A malformed rich-text tag in a crafted Excel file co...

9.3CVSS9.7AI score0.48229EPSS
CVE
CVE
added 2025/05/13 4:58 p.m.60 views

CVE-2025-30381

CVE-2025-30381 is an Excel/Microsoft Office vulnerability describing an out-of-bounds read in Microsoft Office Excel that enables a local attacker to execute arbitrary code on the vulnerable system. The advisory notes a local attack vector and code execution impact, with CVSS v3.1 metrics indicat...

7.8CVSS7.6AI score0.00464EPSS
CVE
CVE
added 2006/07/13 10:0 p.m.59 views

CVE-2006-1301

CVE-2006-1301 affects Microsoft Excel 2000–2004 via a crafted SELECTION record that triggers memory corruption, allowing user-assisted arbitrary code execution. Root cause: insufficient validation when parsing SELECTION records, leading to memory corruption. Affected products: Excel 2000, 2002, 2...

9.3CVSS7.1AI score0.09824EPSS
CVE
CVE
added 2006/07/13 9:0 p.m.59 views

CVE-2006-1302

CVE-2006-1302 describes a memory corruption vulnerability in Microsoft Excel 2000–2003 (and related 2000–2004 variants) triggered by parsing certain fields in a SELECTION record within a .xls file, leading to possible arbitrary code execution when a user opens a crafted Excel file. The issue is a...

9.3CVSS7.4AI score0.13681EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.59 views

CVE-2010-3238

CVE-2010-3238 is a Remote Code Execution in Microsoft Excel via a crafted Excel file that abuses a memory handling error when parsing binary file-format information (Negative Future Function). Affected products include Microsoft Excel 2002 SP3, Excel 2003 SP3, and Office 2004 for Mac. The vulnera...

9.3CVSS7.6AI score0.21413EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.58 views

CVE-1999-0794

Issue summary : Microsoft Excel does not warn users when a macro is present inside a Symbolic Link (SYLK) format file. What is affected : Excel’s handling of SYLK files containing macros (no warning prompt to the user). Root cause / nature of vulnerability : Absence of user warning in the SYLK ma...

4.6CVSS6.8AI score0.01493EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.58 views

CVE-2010-3233

CVE-2010-3233 is part of a family of Excel vulnerabilities addressed by MS10-080. The public records describe multiple remote code execution flaws in Microsoft Office Excel/Office components (notably Lotus 1-2-3 and various Excel file formats) that could be triggered by opening specially crafted ...

9.3CVSS7.6AI score0.21413EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.57 views

CVE-1999-1055

CVE-1999-1055 (Microsoft Excel 97) vulnerabilities allow a malicious workbook to run arbitrary commands via the CALL worksheet function without warning. Affects Excel 97; root cause: worksheet functions can execute a malicious DLL. According to NVD, the issue has a base score of 7.5 (HIGH) with N...

7.5CVSS7.8AI score0.06885EPSS
Total number of security vulnerabilities446