446 matches found
CVE-2011-1278
CVE-2011-1278 affects Microsoft Excel 2002 SP3 and Office 2004 for Mac. The issue arises when parsing Excel record information, where input validation failures can lead to remote code execution or memory corruption via a crafted spreadsheet (Excel WriteAV vulnerability). The vulnerability is tied...
CVE-2026-44817
CVE-2026-44817 is an Excel vulnerability: an integer underflow (wrap/wraparound) in Microsoft Excel could allow a local attacker to execute code. Exploitation details in the public metrics show local access with user interaction required and high impact on confidentiality, integrity, and availabi...
CVE-2000-0637
Microsoft Excel 97 and 2000 are affected by a vulnerability in the Register.ID function that allows an attacker to trigger execution of arbitrary commands by specifying a malicious .dll; impact is arbitrary commands with local access. The provided documents do not include exploitation details or ...
CVE-2008-0114
CVE-2008-0114 describes a remote code execution vulnerability in Microsoft Excel’s handling of Style records. It affects Excel 2000 SP3 through 2003 SP2, Excel Viewer 2003, and Office for Mac 2004. The underlying issue is a memory handling error that occurs when loading specially crafted Excel fi...
CVE-2025-49711
Microsoft Office Excel is affected by CVE-2025-49711 (Use-after-free in Excel) enabling local code execution. The vulnerability is documented across multiple sources, with the Microsoft Excel RCE identified as the root cause and trusted updates released. Affected products include Microsoft Excel ...
CVE-2006-1309
CVE-2006-1309 is a Microsoft Excel vulnerability affecting Excel 2000–2004 where opening a crafted .xls file with a malformed LABEL record can trigger memory corruption and allow remote code execution. The underlying issue is memory corruption during processing of the LABEL record, potentially en...
CVE-2026-42832
This CVE (CVE-2026-42832) concerns Microsoft Office and is rooted in improper access control that enables a local attacker to spoof. Affected software is Microsoft Office; the vulnerability is described as allowing local spoofing with high impact to confidentiality and integrity (per CVSS 3.1 met...
CVE-2026-44812
CVE-2026-44812 affects Windows graphics component Win32K GRFX, where an integer overflow/wraparound in GRFX can allow an unauthorized attacker to execute code locally. The CVSS v3.1 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H with a base score of 7.8 (HIGH). Exploitation details are not provide...
CVE-2026-32188
CVE-2026-32188 appears to be an information-disclosure vulnerability in Microsoft Excel. The entry lists Excel as the affected product and indicates the vulnerability is exploitable locally with user interaction required, and it has high impact on confidentiality and availability. The CVSSv3.1 ve...
CVE-2025-59235
CVE-2025-59235 is an information-disclosure vulnerability in Microsoft Excel (Office) caused by an out-of-bounds read. Public sources in the connected docs consistently identify the affected component as Excel within the Microsoft Office suite and link the issue to Excel information-disclosure mi...
CVE-2025-48812
CVE-2025-48812 affects Microsoft Excel (Office). An out-of-bounds read in Excel can allow a local attacker to disclose information. Public details in the provided documents indicate the issue impacts Excel 2016 and related Office components, with a local attack vector and high confidentiality imp...
CVE-2026-40362
Summary: CVE-2026-40362 is a heap-based buffer overflow in Microsoft Office Excel that allows a local attacker to execute code. The CVSS 3.1 vector indicates LOCAL attack, no privileges required, user interaction required, with a High impact on confidentiality, integrity, and availability (base s...
CVE-2026-45455
CVE-2026-45455 is an Excel information-disclosure vulnerability (out-of-bounds read) in Microsoft Office Excel. The issue allows an unauthorized attacker to disclose information over a network. Multiple connected documents confirm the affected component as Microsoft Excel (Office) and attribute t...
CVE-2026-45469
CVE-2026-45469 affects Microsoft Excel (Office) and is caused by an integer underflow/wraparound in Excel. The vulnerability can allow a local attacker to execute code on the affected system; the CVSS indicates LOCAL access, required user interaction, and high impact to confidentiality, integrity...
CVE-2026-45649
CVE-2026-45649 : Improper access control in Office for Android allows an unauthorized attacker to perform local spoofing. This is a local attack with user interaction required; impact on confidentiality and integrity is high, availability not affected. Connected documents confirm an Office for An...
CVE-2025-53735
CVE-2025-53735 is a Microsoft Excel remote code execution vulnerability caused by a use-after-free condition in Excel. The issue allows an attacker to run arbitrary code locally when a user opens a specially crafted Excel file. Microsoft has released security updates to address this vulnerability...
CVE-2025-53737
CVE-2025-53737 is a Microsoft Excel remote code execution vulnerability caused by a heap-based buffer overflow when opening specially crafted files. The connected sources (e.g., MSRC/Excel advisories and CNVD) confirm Excel as the affected product and cite heap-based overflow as the root cause le...
CVE-2026-26109
CVE-2026-26109 concerns a Microsoft Excel remote code execution vulnerability. The entry identifies Excel as affected and assigns a high impact on confidentiality, integrity, and availability per CVSS 3.1 metrics. The advisory notes a official fix is available, with an attack vector described as ...
CVE-2025-62553
CVE-2025-62553 affects Microsoft Excel (Office) with a use-after-free in Excel leading to local arbitrary code execution. The vulnerability, tracked across multiple advisories (CNVD/CNNVD/MSVCVE/NCSc) and confirmed by MSRC, is mitigated by December 2025 Office security updates (e.g., KB5002818/KB...
CVE-2026-44820
CVE-2026-44820 affects Microsoft Excel in Office. An integer underflow (wrap/wraparound) in Excel can allow a local attacker to execute code on the affected host. Exploitation requires local access and user interaction; no remote vector is indicated. The CVSS 3.1 base score is 7.8 (HIGH) with imp...
CVE-2025-54896
CVE-2025-54896 is a Use-After-Free vulnerability in Microsoft Office Excel that can enable local code execution. Affected component: Microsoft Excel (Office). Root cause: use-after-free condition in Excel leading to arbitrary code execution. Impact: remote code execution with high severity (per C...
CVE-2026-20957
CVE-2026-20957 is a Microsoft Excel/Office vulnerability caused by an integer underflow in Excel that could allow an attacker to execute code locally. The issue affects Microsoft Excel components across Office products (including Excel on Office Online Server and Excel 2016) and is documented as ...
CVE-2025-59232
CVE-2025-59232 is an information-disclosure vulnerability in Microsoft Excel (part of Microsoft Office) caused by an out-of-bounds read that can disclose local data. The issue affects Excel components within Office; remediation is available via Microsoft Office security updates released October 2...
CVE-2026-44823
The CVE-2026-44823 entry concerns an integer underflow (wrap or wraparound) in Microsoft Office Excel that could allow an attacker to execute code locally. Affected product: Microsoft Excel within Microsoft Office. The vulnerability is described as enabling local code execution with attack vector...
CVE-2026-32199
CVE-2026-32199 affects Microsoft Excel (Office) with a use-after-free in Excel that enables local code execution by an attacker. The vulnerability is listed under Excel-related issues in multiple advisories and is addressed by security updates from Microsoft (e.g., KB5002855 for Office Online Ser...
CVE-2026-40359
CVE-2026-40359 is a Microsoft Excel use-after-free remote code execution vulnerability. Description and NVD match: Excel component vulnerability allows an attacker to execute code locally due to a use-after-free condition. Exploitation status is not explicitly provided in the documents. Microsoft...
CVE-2025-54903
CVE-2025-54903 is a Microsoft Excel remote code execution vulnerability described as a use-after-free in Excel that could allow an attacker to execute code locally. The CVSS 3.1 metrics indicate a local, low-attack-complexity, no privileges required, with user interaction required, and high impac...
CVE-2025-60727
CVE-2025-60727 affects Microsoft Excel (Office) with an out-of-bounds read in Excel that enables local code execution. The vulnerability is documented across multiple feeds (MSRC/MSKB entries, CNVD, EUVD) and is associated with Excel-related exploitation in November 2025 advisories. The available...
CVE-2026-20950
CVE-2026-20950 is a Microsoft Excel remote code execution vulnerability reported as a use-after-free in Excel affecting Office/Excel components. Exploitation would allow an attacker to execute code locally on a vulnerable system. Multiple connected sources confirm Excel is affected and that updat...
CVE-2026-26108
CVE-2026-26108 is a Microsoft Excel heap-based buffer overflow vulnerability that allows an attacker to execute code locally. Multiple connected sources corroborate Excel as the affected component, with the underlying issue described as a heap-based overflow leading to remote code execution in Ex...
CVE-2025-62199
CVE-2025-62199 is a Microsoft Office remote code execution/use-after-free vulnerability. The CVE affects multiple Office components (notably Office and Excel) due to a memory-management flaw described as a use-after-free in Office, enabling a locally authenticated attacker to run arbitrary code. ...
CVE-2025-54902
Microsoft Excel in Office is affected by a local, user-interaction-requiring code-execution vulnerability due to an out-of-bounds read. The CVE-2025-54902 issue is documented as a Microsoft Excel remote code execution vulnerability with an affected vector described in the MSRC entry and corrobora...
CVE-2026-21261
CVE-2026-21261 describes an out-of-bounds read in Microsoft Excel that could allow a local attacker to disclose information. The issue affects Excel, with the root cause described as an out-of-bounds read in handling certain data, resulting in information disclosure (no impact on integrity or ava...
CVE-2026-26107
CVE-2026-26107 is a Microsoft Excel remote code execution vulnerability described as a use-after-free issue in Excel/Office. Affected software is Microsoft Excel within the Office suite; the underlying cause is use-after-free in Excel, enabling an attacker to execute code locally. Exploitation is...
CVE-2026-44822
CVE-2026-44822 describes an out-of-bounds read in Microsoft Office Excel that can allow an unauthenticated attacker to disclose information over the network. Affected product: Microsoft Excel within Office. Underlying cause is an out-of-bounds read; the CVSS 3.1 base score is 8.2 (High) with netw...
CVE-2025-53741
CVE-2025-53741 is a Microsoft Excel remote code execution vulnerability caused by a heap-based buffer overflow in Excel. The CVE is linked to Office/Excel components and is rated HIGH (CVSS: LOCAL, LOW-EXPLOITABILITY, requiring user interaction). Corporate advisories and MSRC update guides indica...
CVE-2026-20946
CVE-2026-20946 is an Out-of-bounds read in Microsoft Office Excel that allows local code execution. Connected sources confirm Excel/Office impact and provide remediation via the January 2026 security updates (e.g., KB5002831 for Excel 2016; MSRC update guidance). Affected products include Excel 2...
CVE-2025-54898
CVE-2025-54898 is a Microsoft Excel remote code execution vulnerability: an out-of-bounds read in Excel allows an attacker to run code locally on a user’s machine, with a local attack vector, no privileges required, and user interaction needed. The CVSS 3.1 vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/...
CVE-2025-54904
CVE-2025-54904 is a use-after-free vulnerability in Microsoft Office Excel that allows an authenticated local attacker to execute code. The issue affects Excel/Office components and results in a local code execution impact with high severity. Microsoft has released a security update (KB5002776) t...
CVE-2025-53739
Microsoft Excel remote code execution via a type confusion error (CVE-2025-53739) affects Office Excel engines when handling specially crafted files. The issue is described as an incompatible type resource access leading to local code execution. Publicly documented impact states attacker-controll...
CVE-2025-54899
CVE-2025-54899 is an Excel Remote Code Execution vulnerability due to heap memory management error in Microsoft Excel/Office components (freeing memory on the heap). The CVE has a 3.1 base score of 7.8 (HIGH) with LOCAL exploit and USER INTERACTION required, per Microsoft advisory. Public referen...
CVE-2025-54900
CVE-2025-54900 is a Microsoft Excel remote code execution vulnerability described as a heap-based buffer overflow in Excel that allows an attacker with local access to run code on the affected system. The CVE is documented for Microsoft Office Excel/Office products and is tracked with a high impa...
CVE-2025-54901
CVE-2025-54901 affects Microsoft Excel (Office) with a buffer over-read that could allow a local attacker to disclose information. The CVE is linked to a Microsoft Excel information-disclosure vulnerability (CVE-2025-54901) with confirmed public references; the contribution notes indicate an info...
CVE-2026-32197
CVE-2026-32197 is a vulnerability described across multiple sources as a Use-after-free in Microsoft Office Excel that allows an attacker to locally execute code. The Windows/Office context is supported by the primary CVE entry and the MACOS Nessus notes referencing Excel exploits in the April 20...
CVE-2026-21259
CVE-2026-21259 is a heap-based buffer overflow in Microsoft Excel (Office) that enables local privilege escalation. Multiple sources (MSRC advisory, CNVD, CIRCL sightings, KB entries) confirm Excel as the affected product and indicate that Microsoft released February 2026 security updates (e.g., ...
CVE-2026-32198
CVE-2026-32198 is a use-after-free vulnerability in Microsoft Office Excel that can allow a local attacker to execute arbitrary code on the affected system. The vulnerability is described in multiple sources as affecting Microsoft Excel, with the underlying issue being a use-after-free in Excel’s...
CVE-2025-59231
CVE-2025-59231 is a Microsoft Excel vulnerability described as a type-confusion in Excel that could allow an attacker with local access to execute code on the affected system. The associated Nessus findings and Microsoft advisories indicate multiple October 2025 office updates address this and re...
CVE-2025-62560
Microsoft Excel/Office contains a local-code-execution vulnerability due to an untrusted pointer dereference in Excel. Affected product: Microsoft Excel (part of Microsoft Office). Root cause: untrusted pointer dereference within Excel’s code path. Impact: local code execution with high confident...
CVE-2026-40360
CVE-2026-40360 is an information-disclosure vulnerability in Microsoft Excel caused by an out-of-bounds read, enabling a local attacker to disclose data. The available documents identify the affected product as Microsoft Excel and describe a local attack that could lead to confidential informatio...
CVE-2025-59223
CVE-2025-59223 is a Microsoft Excel remote code execution vulnerability caused by a use-after-free in Excel. Connected sources confirm this CVE is part of a broader October 2025 Office/Excel/Mac updates package and is addressed by security updates from Microsoft (e.g., KB5002794 for Excel 2016) a...