109 matches found
CVE-2016-7262
CVE-2016-7262 is a Microsoft Office vulnerability (Microsoft Excel family) described as a Security Feature Bypass: a crafted cell mishandled on click can allow user-assisted remote command execution. Affected products include Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, Office Compatibi...
CVE-2009-3129
CVE-2009-3129 concerns a remote-code-execution vulnerability in Microsoft Office Excel and related components caused by a FEATHEADER record with an invalid cbHdrData size that affects a pointer offset. Affected products include Excel 2002 SP3, 2003 SP3, 2007 SP1/SP2, Open XML File Format Converte...
CVE-2012-1847
CVE-2012-1847 affects Microsoft Office Excel and related components (Excel 2003 SP3; Excel 2007 SP2/SP3; Excel 2010 SP1; Office for Mac 2008/2011; Excel Viewer; Office Compatibility Pack SP2/SP3). The vulnerability stems from memory handling when opening specially crafted spreadsheets, enabling r...
CVE-2012-0142
CVE-2012-0142 involves a memory corruption vulnerability in Microsoft Excel/file format handling (OBJECTLINK record) that can be triggered by opening a crafted spreadsheet, leading to remote code execution. Affected products include Excel 2003 SP3, 2007 SP2/SP3, 2010 SP1, Office for Mac 2008, Exc...
CVE-2012-0184
CVE-2012-0184 affects Microsoft Excel and related Office components: Excel 2003 SP3, 2007 SP2/SP3, 2010 Gold/SP1; Office for Mac 2008/2011; Excel Viewer; Office Compatibility Pack SP2/SP3. The issue is a memory handling error when opening a crafted spreadsheet, enabling remote code execution. Thi...
CVE-2011-1988
Microsoft Excel heap memory corruption vulnerability (MS11-072) tied to parsing BIFF2 records in Excel files can allow remote code execution. Affected products include Excel 2003 SP3, 2007 SP2, Office 2007 SP2, Office for Mac variants, Open XML Converter for Mac, Excel Viewer SP2, and related Mac...
CVE-2013-1315
CVE-2013-1315 is a remote code execution/memory corruption vulnerability affecting Microsoft Office components. The public records identify affected products as Microsoft SharePoint Server 2007 SP3, 2010 SP1/SP2, 2013; Office Web Apps 2010; Excel 2003 SP3/2007 SP3/2010 SP1/SP2/2013/2013 RT; Offic...
CVE-2012-2543
CVE-2012-2543 is a stack-based buffer overflow in Microsoft Excel components (Windows: Excel 2007 SP2/SP3, Excel 2010 SP1; Mac: Office 2011; Excel Viewer; Office Compatibility Pack SP2/SP3). The vulnerability arises while handling crafted spreadsheets, enabling remote code execution. Connected so...
CVE-2009-3130
CVE-2009-3130 corresponds to the Excel Document Parsing Heap Overflow vulnerability. Affected software includes Microsoft Office Excel 2002 SP3, Excel 2003 and newer on Windows via BIFF parsing, and Office for Mac variants plus the Open XML File Format Converter for Mac. The root cause is imprope...
CVE-2011-0097
CVE-2011-0097 is a Microsoft Excel integer-overflow in the 400h substream parsing that can trigger a stack-based buffer overflow and remote code execution. Affected are Excel on Windows (2002 SP3/2003 SP3/2007 SP2/2010) and Mac variants, plus related File Format converters/viewers. The vulnerabil...
CVE-2012-0141
CVE-2012-0141 affects Microsoft Excel and related Office components across Windows and Mac platforms (Excel 2003 SP3, 2007 SP2/SP3, 2010 SP1/Gold, Office 2011 for Mac, Excel Viewer, Office Compatibility Pack). The root cause is memory corruption during parsing/opening specially crafted Excel/RTF ...
CVE-2012-1885
CVE-2012-1885 is a heap-based buffer overflow in Microsoft Excel components that affects Excel 2003 SP3, 2007 SP2/SP3, 2010 SP1, Office for Mac 2008/2011, and Office Compatibility Pack SP2/SP3. The root cause is a SerAuxErrBar heap overflow triggered by processing a crafted spreadsheet, enabling ...
CVE-2013-3158
CVE-2013-3158 affects Microsoft Excel 2003 SP3 and 2007 SP3, where memory corruption in parsing crafted Office documents can lead to remote code execution or denial of service. Root cause is memory corruption within Excel’s handling of Office file content. Exploitation details are not provided in...
CVE-2011-1273
Microsoft Excel (Windows: 2002/2003/2007/2010; Mac: 2004/2008/2011; Open XML Converter for Mac; Excel Viewer; Office Compatibility Pack) is affected by CVE-2011-1273 due to improper validation/parsing of Excel records. Multiple advisories attribute the issue to parsing errors (record-type handlin...
CVE-2017-8631
CVE-2017-8744 is a remote code execution in Microsoft Office components caused by improper handling of in-memory objects, leading to memory corruption. Documented affected software includes Excel Services and Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, as well as related Office Web...
CVE-2017-11878
CVE-2017-11878 affects multiple Microsoft Excel/Office components (Excel 2007 SP3, 2017-era Excel/Viewer and Office Compatibility Pack SP3). The vulnerability arises from improper handling of objects in memory, leading to memory corruption that can allow an attacker to execute arbitrary code in t...
CVE-2017-11877
CVE-2017-11877 describes a security feature bypass in Microsoft Excel where macro settings were not enforced on a document, potentially allowing macros to run when they should be blocked. Connected MS KB update notes show the issue affects Excel 2016 (and related Excel entry points) and can be mi...
CVE-2016-0122
CVE-2016-0122 affects Microsoft Office Excel across multiple versions (2007 SP3, 2010 SP2, 2013 SP1/RT SP1, 2016) and Office components; the vulnerability is a memory corruption/out-of-bounds read in Excel that enables remote code execution when a specially crafted Office document is opened. An e...
CVE-2015-2503
CVE-2015-2503 is an Office Elevation of Privilege vulnerability that can be triggered via a crafted web site loaded in Internet Explorer to bypass sandbox protections and gain privileges. The initial CVE entry lists Microsoft Office 2007–2016 products (Word, Excel, PowerPoint, Access, InfoPath, V...
CVE-2018-0796
CVE-2018-0796 is a remote code execution vulnerability affecting Microsoft Excel in Office 2007–2016 due to how in-memory objects are handled. The core issue enables an attacker to run arbitrary code when a crafted file is opened, with a CVSS v3 base score of 8.8 (HIGH) and NETWORK attack vector,...
CVE-2015-2520
CVE-2015-2520 affects Microsoft Office components including Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011/2016, Office Compatibility Pack SP3, and Excel Viewer. The root cause is a memory corruption due to improper handling of objects in memory, leading to remote code execution when a crafte...
CVE-2017-0006
Technical details (affected products, root cause, and remediation) are not provided in the connected documents beyond the initial CVE summary; monitor for updates.
CVE-2016-3233
CVE-2016-3233 concerns Microsoft Office memory corruption affecting Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3. A crafted Office document can trigger a memory corruption that allows remote code execution. Exploitation requires a user to open the specially crafted file (user...
CVE-2016-3358
CVE-2016-3358 affects Microsoft Office and Excel components across Windows and Mac platforms (Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016; Office Online Server; Office Viewer; SharePoint Excel Services). The vulnerability is described as a memory corruption in Office applications that a...
CVE-2017-0052
The CVE affects Microsoft Office components: Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3. It is a memory corruption vulnerability exploitable via a crafted document, potentially allowing remote code execution or denial of service. ...
CVE-2017-0027
CVE-2017-0027 affects Microsoft Office products including Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1. Description: information disclosure from process memory when processing a crafted Office docume...
CVE-2015-0085
CVE-2015-0085 is a use-after-free vulnerability in Microsoft Office components (including Office 2007/2010/2013 suites and related SharePoint/Viewer components) that enables remote code execution via a crafted Office document. The issue affects a broad set of Office applications and SharePoint-re...
CVE-2016-0012
CVE-2016-0012 affects Microsoft Office suite (2007–2016 and related components) and is described as a security feature/ASLR bypass vulnerability. Connected OpenVAS entries explicitly reference remote bypass vectors in Office components (PowerPoint, Visio, Word, Excel, VB runtime) and note exploit...
CVE-2017-0194
CVE-2017-0194 affects Microsoft Excel 2007 SP3, Excel 2010 SP2 and Office Compatibility Pack SP2. It is an Information Disclosure vulnerability where crafted Office documents can cause memory objects to disclose sensitive memory contents due to improper handling of memory. Root cause: improper ha...
CVE-2016-7265
CVE-2016-7265 affects Microsoft Office components (notably Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3/2010 SP2). The vulnerability is described as an information disclosure via an out-of-boun...
CVE-2010-0821
CVE-2010-0821 is identified in connected advisories as the Excel SXVIEW record parsing memory corruption vulnerability. It allows remote code execution if a user opens a specially crafted Excel file, due to improper parsing of SXVIEW structures. Exploitation requires user interaction (opening a c...
CVE-2017-8501
CVE-2017-8501 is described across connected CNVD/OpenVAS entries as a memory corruption vulnerability in Microsoft Office components (notably Word/Excel/SharePoint) that can be triggered by specially crafted files to yield remote code execution or DoS under the current user. The root cause cited ...
CVE-2015-6038
CVE-2015-6038 affects Microsoft Office products including Excel 2007/2010/2013/2016 (Windows and Mac) and related components, as well as Excel Services on SharePoint Server and Office viewers. The vulnerability stems from memory corruption triggered by specially crafted Office documents, enabling...
CVE-2016-7266
CVE-2016-7266 affects multiple Microsoft Office/Excel variants (Windows: Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016; macOS: Excel 2016) and the Office Compatibility Pack, Excel Viewer, and Excel for Mac. The root cause is mishandling of a registry check when running embedded content, d...
CVE-2009-0238
CVE-2009-0238 corresponds to a remote code execution vulnerability in Microsoft Office Excel and related components (Excel Viewer, Compatibility Pack, and Mac variants) triggered by opening a crafted Excel document that causes an invalid object access. The issue manifests as memory/code execution...
CVE-2016-3359
CVE-2016-3359 affects Microsoft Office components (Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Viewer). The issue is a memory corruption vulnerability in Office that allows remote code execution via a crafted document. The CVE entry’s linked sources (NVD/NVD-variant and r...
CVE-2018-0907
CVE-2018-0907 is a security feature bypass in Microsoft Excel/Office products caused by how macro settings are enforced. Affected: Excel 2007 SP3, 2010 SP2, 2013 SP1, 2016, and Office 2016 for Mac, including Office 2016 Click-to-Run. Core issue: bypasses to macro security controls (security featu...
CVE-2015-2423
CVE-2015-2423 is an “Unsafe Command Line Parameter Passing” vulnerability affecting a broad set of Windows OS versions (Vista through Windows 10) and Office apps (2007–2013) where a crafted command-line parameter to an Office app or Notepad can elevate from Low to Medium Integrity and disclose se...
CVE-2011-0098
CVE-2011-0098 corresponds to a remote code execution vulnerability in Microsoft Office Excel. The issue is a buffer/heap overflow in parsing the Label record (Excel file format), allowing remote attackers to run arbitrary code by convincing a user to open a malicious XLS file. Affected products i...
CVE-2016-0136
CVE-2016-0136 affects Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3/2010 SP2. The root cause is memory corruption from improper handling of objects in memory, enabling remote code execution when a crafted Office document ...
CVE-2010-0257
CVE-2010-0257 is a remote code execution vulnerability in Microsoft Excel 2002 SP3 and Excel XP related to memory corruption when processing EntExU2 records in a crafted Excel file. Exploitation could allow an attacker to take full control of the affected system by convincing a user to open a mal...
CVE-2009-3127
CVE-2009-3127 (Excel Cache Memory Corruption) is a remote code execution vulnerability in Microsoft Office Excel variants: Excel 2002 SP3, 2003 SP3, 2004/2008 for Mac, Open XML File Format Converter for Mac, and Excel Viewer 2003 SP3. It stems from improper parsing of the Excel file format, allow...
CVE-2015-2376
CVE-2015-2376 affects multiple Microsoft Office components (Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1/RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3/2010 SP2/2013 SP1). The vulnerability is a memory corrupti...
CVE-2015-2521
CVE-2015-2521 is a memory corruption vulnerability in Microsoft Office components (Excel 2007 SP3/2010 SP2, Office Compatibility Pack, Excel Viewer) that allows remote code execution when processing specially crafted Office documents. Public sources confirm in-the-wild exploitation for this famil...
CVE-2016-3362
CVE-2016-3362 and CVE-2016-3365 are memory‑corruption vulnerabilities in Microsoft Office components (notably Excel across multiple versions and Office/SharePoint services) that allow remote code execution via a crafted document. The root cause is memory handling flaws in Office components when p...
CVE-2015-2523
CVE-2015-2523 describes a memory corruption vulnerability in Microsoft Office components (notably Excel 2007 SP3, 2010 SP2, 2013 SP1/RT SP1, Mac 2011/2016, Office Compatibility Pack SP3, and Excel Viewer) that allows remote code execution when processing crafted Office documents. The root cause i...
CVE-2018-1027
Microsoft Excel/Office are affected by CVE-2018-1027, a remote code execution vulnerability caused by improper handling of in-memory objects. The issue affects Excel and Office suites, enabling potential code execution when loaded with crafted data. CVSS references show a high-severity impact (C ...
CVE-2015-6122
CVE-2015-6122 is part of the MS15-131 memory corruption family affecting multiple Microsoft Office products. The connected Nessus plugin (MS15-131) links CVE-2015-6122 to remote code execution via crafted Office documents, with Mac OS X Office versions (MACOSX_MS15-131_OFFICE.NASL) and Office for...
CVE-2015-2378
CVE-2015-2378 is an Untrusted Search Path vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 SP3, and Office Compatibility Pack SP3. The root cause is DLL loading from the current working directory (Trojan horse DLL) that enables local privilege elevation. Documents indi...
CVE-2016-7229
CVE-2016-7229 is a memory corruption vulnerability in Microsoft Office/Excel affecting multiple Office versions (including Excel 2007/2010/2013/2016 and Mac variants) that allows remote code execution via a crafted Office document. The issue stems from improper handling of objects in memory, enab...