Excel Security Vulnerabilities and Issues — Excel CVE List

Lucene search

MicrosoftExcel

10 matches found

CVE•added 2016/01/13 5:59 a.m.•85 views

CVE-2016-0012

Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013...

4.3CVSS5.1AI score0.13313EPSS

CVE•added 2017/03/17 12:59 a.m.•79 views

CVE-2017-0027

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclo...

4.7CVSS5AI score0.29533EPSS

CVE•added 2018/12/12 12:29 a.m.•75 views

CVE-2018-8598

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8627.

4.7CVSS5AI score0.19881EPSS

CVE•added 2015/08/15 12:59 a.m.•74 views

CVE-2015-2423

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Vis...

4.3CVSS6.4AI score0.206EPSS

CVE•added 2015/07/14 9:59 p.m.•66 views

CVE-2015-2375

Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka "Microsoft Excel ASLR Bypa...

4.3CVSS6.4AI score0.19992EPSS

CVE•added 2007/03/03 7:19 p.m.•65 views

CVE-2007-1239

Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.

4.3CVSS6.6AI score0.13284EPSS

CVE•added 2012/10/25 10:51 a.m.•50 views

CVE-2012-5672

Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.

4.3CVSS6.7AI score0.21949EPSS

CVE•added 2013/09/11 2:3 p.m.•50 views

CVE-2013-3159

Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity...

4.3CVSS6.5AI score0.25439EPSS

CVE•added 2000/01/04 5:0 a.m.•47 views

CVE-1999-0794

Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.

4.6CVSS6.8AI score0.00304EPSS

CVE•added 2000/10/13 4:0 a.m.•36 views

CVE-2000-0637

Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.

4.6CVSS7.7AI score0.02732EPSS