Lucene search
K
MicrosoftOffice

1024 matches found

CVE
CVE
added 2017/04/12 2:0 p.m.3789 views

CVE-2017-0199

CVE-2017-0199 affects Microsoft Office client suites (Office 2007 SP3, 2010 SP2, 2013 SP1, 2016) and Windows platforms (Vista SP2, Server 2008 SP2, 7 SP1, 8.1). The vulnerability allows remote code execution via a crafted document, exploiting how Office components interact with the Windows API an...

9.3CVSS8.3AI score0.99933EPSS
In wild
CVE
CVE
added 2017/11/15 3:0 a.m.2718 views

CVE-2017-11882

CVE-2017-11882 is a memory corruption vulnerability in Microsoft Office's Equation Editor that affects Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016. The flaw resides in eqnedt32.exe, an out-of-process COM server, and can lead to remote code execution when a user opens a specially crafted Word do...

9.3CVSS8.3AI score0.99945EPSS
In wild
CVE
CVE
added 2018/01/10 1:0 a.m.2386 views

CVE-2018-0802

CVE-2018-0802 is a Microsoft Office memory corruption/remote code execution vulnerability in the Equation Editor, triggered by crafted OLE/embedded objects in Office documents. Affected products include Office 2007, 2010, 2013, and 2016; the issue arises from the way Office handles in-memory obje...

9.3CVSS8.5AI score0.93289EPSS
In wild
CVE
CVE
added 2023/03/14 4:55 p.m.1985 views

CVE-2023-23397

CVE-2023-23397 is an Elevation of Privilege in Microsoft Outlook for Windows. Multiple connected sources describe exploitation via Outlook calendar reminders using a UNC path in the MAPI property PidLidReminderFileParameter, causing the victim to contact an attacker-controlled SMB share and leak ...

9.8CVSS8.3AI score0.97408EPSS
In wild
CVE
CVE
added 2012/04/10 9:0 p.m.1728 views

CVE-2012-0158

CVE-2012-0158 is a Microsoft/MSCOMCTL.OCX (MS Office) vulnerability that enables remote code execution via a crafted file or document. The initial entry lists vulnerable controls in MSCOMCTL.OCX and notes exploitation in the wild around April 2012 (aka “MSCOMCTL.OCX RCE Vulnerability”). Connected...

9.3CVSS7.8AI score0.99966EPSS
In wild
CVE
CVE
added 2017/07/11 9:0 p.m.1368 views

CVE-2017-8570

CVE-2017-8570 concerns Microsoft Office and is described as a remote code execution vulnerability caused by how Office handles objects in memory (notably monikers/embedded objects in documents). Multiple connected sources corroborate the vulnerability class as an Office memory object handling iss...

9.3CVSS8AI score0.89889EPSS
In wild
CVE
CVE
added 2021/11/10 12:47 a.m.1324 views

CVE-2021-42292

CVE-2021-42292 is a Microsoft Excel Security Feature Bypass vulnerability in Microsoft Excel that enables local privilege bypass (local access required). The vulnerability is documented across multiple feeds, with patched fixes provided by Microsoft via Patch Tuesday advisories. Connected sources...

7.8CVSS7.6AI score0.31949EPSS
In wild
CVE
CVE
added 2010/11/10 1:0 a.m.1323 views

CVE-2010-3333

CVE-2010-3333 is a stack-based buffer overflow in Microsoft Office’s RTF parser (pFragments shape property) that enables remote code execution via crafted RTF data. Affected products include Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office for Mac 2004/2008, Office for Mac 201...

9.3CVSS8.1AI score0.89497EPSS
In wild
CVE
CVE
added 2018/01/10 1:0 a.m.1314 views

CVE-2018-0798

The CVE-2018-0798 entry concerns a memory corruption vulnerability in Microsoft Office (Word/Equation Editor) across Office 2007–2016. The root cause is how certain objects are handled in memory, enabling remote code execution when a specially crafted file is opened. Connected documents indicate ...

9.3CVSS8.8AI score0.95121EPSS
In wild
CVE
CVE
added 2012/08/15 1:0 a.m.1264 views

CVE-2012-1856

CVE-2012-1856 covers a remote code execution vulnerability in the TabStrip ActiveX control (MSCOMCTL.OCX) used by multiple Microsoft Office components and related products. The issue arises from a system-state corruption triggered by crafted (1) documents or (2) web pages, allowing remote attacke...

9.3CVSS7.9AI score0.72119EPSS
In wild
CVE
CVE
added 2015/04/14 8:0 p.m.1219 views

CVE-2015-1641

CVE-2015-1641 is a Microsoft Office memory-corruption vulnerability triggered by crafted RTF documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoin...

9.3CVSS9.4AI score0.97327EPSS
In wild
CVE
CVE
added 2019/01/08 9:0 p.m.1182 views

CVE-2019-0585

CVE-2019-0585 is a remote code execution vulnerability in Microsoft Word/Office products caused by improper handling of objects in memory. Exploitation could occur via specially crafted Word files, potentially in contexts like email/preview panes, with the attacker gaining the same user rights as...

9.3CVSS8.3AI score0.21967EPSS
CVE
CVE
added 2023/06/17 12:29 a.m.1162 views

CVE-2023-28295

CVE-2023-28295 is a Microsoft Publisher remote code execution vulnerability affecting Publisher components (notably Publisher 2013) with a CVSS v3.1 base score of 7.8 (HIGH) and LOCAL attack vector, requiring user interaction. The issue is addressed by Microsoft security updates (e.g., KB5002213 ...

7.8CVSS7.7AI score0.00742EPSS
CVE
CVE
added 2013/11/06 11:0 a.m.1131 views

CVE-2013-3906

CVE-2013-3906 is a memory corruption vulnerability in Microsoft Windows Graphics Component (TIFF handling) that could allow remote code execution. It affected GDI+ in Windows Vista SP2/Server 2008 SP2 and Office suites (Office 2003 SP3, 2007 SP3, 2010 SP1/SP2, Office Compatibility Pack SP3) and L...

9.3CVSS9.4AI score0.84971EPSS
In wild
CVE
CVE
added 2017/05/12 2:0 p.m.1121 views

CVE-2017-0262

CVE-2017-0262 affects Microsoft Office 2010 SP2, 2013 SP1, and 2016. The issue is a remote code execution vulnerability caused by the software not properly handling objects in memory, referred to as the Office Remote Code Execution vulnerability. The vulnerability is tied to Office products loadi...

9.3CVSS8AI score0.80734EPSS
In wild
CVE
CVE
added 2017/05/12 2:0 p.m.1119 views

CVE-2017-0261

Microsoft Office remote code execution vulnerability (CVE-2017-0261) affects Office 2010 SP2, 2013 SP1, and 2016. Root cause: improper handling of in-memory objects while parsing specially crafted files (EPS/Office formats). Exploitation involves convincing a user to open a crafted file, enabling...

9.3CVSS8AI score0.7813EPSS
In wild
CVE
CVE
added 2021/09/15 11:24 a.m.1110 views

CVE-2021-38646

CVE-2021-38646 is a Microsoft Office Access Connectivity Engine remote code execution vulnerability. The Nessus plugin confirms it affects Office products via the Access connectivity engine and ties remediation to September 2021 Office security updates (e.g., KB5001958 for Office 2013 and KB50019...

7.8CVSS7.5AI score0.04044EPSS
In wild
CVE
CVE
added 2021/03/11 3:49 p.m.1093 views

CVE-2021-27059

CVE-2021-27059 is a Microsoft Office Remote Code Execution vulnerability with public advisories and multiple security updates. The provided documents indicate affected products include Office 2010, Office 2013, and Office 2016 (32/64‑bit), across multiple Service Packs. The root cause is not expl...

8.5CVSS7.7AI score0.03182EPSS
In wild
CVE
CVE
added 2019/09/11 9:25 p.m.1090 views

CVE-2019-1297

CVE-2019-1297 is a Microsoft Excel remote code execution vulnerability caused by improper handling of memory objects. An attacker can exploit it by convincing a user to open a specially crafted file, executing arbitrary code in the user’s context (higher impact if admin). The vulnerability is add...

9.3CVSS8.8AI score0.21805EPSS
In wild
CVE
CVE
added 2013/06/12 1:0 a.m.1086 views

CVE-2013-1331

CVE-2013-1331 is a buffer overflow in Microsoft Office 2003 SP3 and Office for Mac 2011 triggered when parsing PNG data embedded in an Office document, allowing remote attackers to execute arbitrary code. The vulnerability can be exploited through crafted PNG content, potentially via documents th...

9.3CVSS7.8AI score0.81877EPSS
In wild
CVE
CVE
added 2019/01/08 9:0 p.m.1077 views

CVE-2019-0541

CVE-2019-0541 – MSHTML Engine Remote Code Execution involves an input validation vulnerability in the MSHTML engine that can let an attacker execute arbitrary code on affected systems. Affected software includes Internet Explorer (IE9/10/11), Microsoft Office components (Office/Word/Excel viewers...

9.3CVSS7.9AI score0.53202EPSS
In wild
CVE
CVE
added 2014/03/24 7:0 p.m.1062 views

CVE-2014-1761

CVE-2014-1761 is a memory-corruption vulnerability in Microsoft Word triggered by crafted RTF data, allowing remote code execution or memory-corruption denial of service. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, 2013 and 2013 RT, Word Viewer, Office Compatibility Pack SP3,...

9.3CVSS9.3AI score0.77734EPSS
In wild
CVE
CVE
added 2006/05/20 12:0 a.m.1019 views

CVE-2006-2492

CVE-2006-2492 is a buffer overflow in Microsoft Word (Office 2000 SP3, XP SP3, 2003 SP1/SP2) and Microsoft Works through 2006 caused by a malformed object pointer. The flaw allows arbitrary code execution and requires user interaction (via opening a crafted Word/Works document). Affected products...

8.8CVSS7.4AI score0.48387EPSS
In wild
CVE
CVE
added 2015/06/10 1:0 a.m.1012 views

CVE-2015-1770

CVE-2015-1770 affects Microsoft Office 2013 SP1 and Office 2013 RT SP1, via uninitialized memory use in Office components when processing crafted Office documents, enabling remote code execution. The vulnerability’s impact is high (CVE/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) with network vector and ...

9.3CVSS7.5AI score0.35105EPSS
In wild
CVE
CVE
added 2009/11/11 7:0 p.m.1004 views

CVE-2009-3129

CVE-2009-3129 concerns a remote-code-execution vulnerability in Microsoft Office Excel and related components caused by a FEATHEADER record with an invalid cbHdrData size that affects a pointer offset. Affected products include Excel 2002 SP3, 2003 SP3, 2007 SP1/SP2, Open XML File Format Converte...

9.3CVSS7.5AI score0.85731EPSS
In wild
CVE
CVE
added 2009/06/10 5:37 p.m.995 views

CVE-2009-0563

CVE-2009-0563 is a Stack-based buffer overflow in Microsoft Word components that allows remote code execution when a user opens a crafted Word document with an invalid length field. Affected products include Word 2002 SP3, 2003 SP3, Word 2007 SP1/SP2, Office for Mac 2004/2008, Open XML File Forma...

9.3CVSS8.1AI score0.63081EPSS
In wild
CVE
CVE
added 2009/06/10 6:0 p.m.992 views

CVE-2009-0557

CVE-2009-0557 describes an Object Record Corruption vulnerability in Microsoft Office Excel across multiple platforms (Office 2000 SP3, XP SP3, 2003 SP3, Mac editions, and Excel Viewer/Compatibility Pack). The root cause is a malformed record object in an Excel file, enabling remote code executio...

9.3CVSS7.5AI score0.58551EPSS
In wild
CVE
CVE
added 2016/10/14 1:0 a.m.955 views

CVE-2016-7193

Summary of CVE-2016-7193 : A memory corruption flaw in Microsoft Office’s handling of RTF documents allows remote code execution on affected Office products (Word 2007 SP2, Office 2010 SP2, Word 2013/2016, Word for Mac variants, Office Web Apps Server, etc.). The root cause is a vulnerability in ...

9.3CVSS7.8AI score0.57705EPSS
In wild
CVE
CVE
added 2015/07/14 9:0 p.m.935 views

CVE-2015-2424

CVE-2015-2424: Microsoft Office memory corruption in PowerPoint/Word components allows remote code execution or memory corruption via a crafted Office document. Affected products include PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, an...

9.3CVSS9.3AI score0.38497EPSS
In wild
CVE
CVE
added 2015/09/09 12:0 a.m.927 views

CVE-2015-2545

CVE-2015-2545 affects Microsoft Office (2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1) via a crafted EPS image that triggers memory corruption during EPS parsing, enabling remote code execution. FireEye details describe an EPS-encoded use-after-free in Office’s EPS handling (dict copy/forall flow) le...

9.3CVSS7.4AI score0.86053EPSS
In wild
CVE
CVE
added 2015/08/15 12:0 a.m.918 views

CVE-2015-1642

CVE-2015-1642 affects multiple Microsoft Office products (Office 2007 SP3, 2010 SP2, 2013 SP1) via memory corruption when parsing crafted Office files, allowing remote code execution. Microsoft issued MS15-081 with a suite of updates (e.g., 2687409 for Office 2007/2010/2013 components and related...

9.3CVSS7.5AI score0.53213EPSS
In wild
CVE
CVE
added 2023/09/12 4:58 p.m.810 views

CVE-2023-36761

CVE-2023-36761 is a Microsoft Word information disclosure vulnerability. Connected sources note exploitation in the wild and indicate NTLM relay as a possible attack outcome. Affected products include various Word/Office deployments (Microsoft Word/Office suite). The vulnerability is being tracke...

6.5CVSS6AI score0.18959EPSS
In wild
CVE
CVE
added 2023/02/14 7:33 p.m.686 views

CVE-2023-21716

CVE-2023-21716 corresponds to a Microsoft Word/Office remote code execution vulnerability. A heap corruption flaw resides in Word’s wwlib when parsing RTF font tables with an excessive number of fonts in the fonttbl, causing an out-of-bounds write that can lead to arbitrary code execution when a ...

9.8CVSS9.6AI score0.82302EPSS
In wild
CVE
CVE
added 2023/07/11 5:3 p.m.637 views

CVE-2023-35311

Technical details about CVE-2023-35311 are not publicly available in the provided connected documents. The sources confirm a Microsoft Outlook security feature bypass but do not specify root cause, affected versions, or fixes. Monitor for updates.

8.8CVSS7.9AI score0.15028EPSS
In wild
CVE
CVE
added 2023/09/12 4:58 p.m.570 views

CVE-2023-36762

CVE-2023-36762 is a Microsoft Word remote code execution vulnerability. The available documents confirm an impact on Word and related Word components, with an exploit path requiring user interaction and local access (CVSS 3.1: AV=L, AC=L, PR=None, UI=Required, C/H/I/H/A=L). Public details note po...

7.3CVSS7.3AI score0.01017EPSS
CVE
CVE
added 2024/08/08 8:45 p.m.542 views

CVE-2024-38200

CVE-2024-38200 affects Microsoft Office (e.g., Office 2019 MSO Build 1808; Microsoft 365 MSO 2403/16.0.17425.20176) where Office URI schemes (eg, ms-word:ofe|u|http://…) trigger automatic NTLM authentication. The underlying issue is the Office URI handling that can fetch remote documents and caus...

9.1CVSS7.5AI score0.19534EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.518 views

CVE-2023-36767

CVE-2023-36767 is a Microsoft Office security feature bypass vulnerability (CVSS v3.1 base 4.3, MEDIUM) affecting Office components across platforms. The available connected docs describe the issue as a security feature bypass with impact of circumvention of security measures (Office Excel noted ...

4.3CVSS4.8AI score0.03324EPSS
CVE
CVE
added 2025/11/11 5:59 p.m.511 views

CVE-2025-59240

CVE-2025-59240 is an information-disclosure vulnerability in Microsoft Excel (Office) due to improper authorization validation that can allow a local attacker to obtain sensitive data. Connected sources confirm impact across Microsoft Excel products (including various Office/Excel editions and 20...

5.5CVSS5AI score0.00558EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.509 views

CVE-2023-36763

CVE-2023-36763 is a Microsoft Outlook information disclosure vulnerability. Public documentation identifies it as affecting Outlook 2016 (KB5002499) and related Office/Outlook components; severity is high (CVSSv3.1: 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The vulnerability orig...

7.5CVSS7.2AI score0.01908EPSS
CVE
CVE
added 2018/12/12 12:0 a.m.503 views

CVE-2018-8628

CVE-2018-8628 is a remote code execution vulnerability affecting Microsoft PowerPoint and related Office components (Office, SharePoint, PowerPoint Viewer, etc.) caused by improper handling of objects in memory. The Nessus/OpenVAS entries confirm the vulnerability across PowerPoint and Office pro...

9.3CVSS6.1AI score0.162EPSS
CVE
CVE
added 2026/01/26 5:6 p.m.489 views

CVE-2026-21509

CVE-2026-21509 is a Microsoft Office security feature bypass triggered by reliance on untrusted inputs in a security decision, enabling a local attacker to bypass OLE protections after a user opens a crafted document. Affected products include Office 2016, 2019, LTSC 2021/2024 and Microsoft 365 A...

7.8CVSS5.9AI score0.72152EPSS
In wild
CVE
CVE
added 2023/09/12 4:58 p.m.470 views

CVE-2023-36766

CVE-2023-36766 is a Microsoft Excel information-disclosure vulnerability, affecting Excel/Office components. The vulnerability enables information disclosure with a local attack surface and requires user interaction. Public details in connected documents confirm affected products (Microsoft Excel...

7.8CVSS6AI score0.01487EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.459 views

CVE-2023-36765

CVE-2023-36765 is a Microsoft Office Elevation of Privilege vulnerability affecting multiple Office components (Word, Excel, Outlook, SharePoint, etc.). Connected sources identify it as enabling elevation of privileges (impact: high) with CVSS 3.1 base score around 7.8–9.8 across documents, and n...

9.8CVSS8.6AI score0.01001EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.451 views

CVE-2023-41764

CVE-2023-41764 is a Microsoft Office spoofing vulnerability. The connected sources confirm the issue affects Office suites on MSI-based installations (Office 2016) and is addressed by accompanying security updates: KB5002498 (Office 2016, MSI) and related advisories for older Office versions (KB5...

5.5CVSS5.6AI score0.0119EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.393 views

CVE-2018-1028

CVE-2018-1028 is a remote code execution vulnerability in the Office graphics component that occurs when handling specially crafted embedded fonts. It affects Word, Microsoft Office, SharePoint, Excel, and SharePoint Server. Successful exploitation could allow an attacker to take control of the a...

9.3CVSS8.3AI score0.19113EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.381 views

CVE-2024-20673

CVE-2024-20673 is a Microsoft Office remote code execution vulnerability tracked across multiple office-product advisories. Public docs show high-severity risk (CVSS v3.1: 7.8), with exploitation described as a remote code execution requiring local access and user interaction in some vectors. Con...

7.8CVSS7.7AI score0.01177EPSS
CVE
CVE
added 2023/06/17 12:29 a.m.320 views

CVE-2023-28287

CVE-2023-28287 is a Microsoft Publisher Remote Code Execution vulnerability affecting Publisher 2013. The public details in the provided documents indicate exploitation could yield a high-impact breach if a user opens a malicious Publisher file, with a CVSS base score of 7.8 (HIGH) and a Local, l...

7.8CVSS7.7AI score0.00742EPSS
CVE
CVE
added 2024/12/10 5:49 p.m.320 views

CVE-2024-43600

CVE-2024-43600 is a Microsoft Office elevation-of-privilege vulnerability affecting Office components (notably Word/Excel/Access) with a local attack vector and low user interaction requirements. The root cause is described as an elevation of privilege in Office; exploitation can grant total cont...

7.8CVSS7AI score0.01201EPSS
CVE
CVE
added 2023/06/13 11:25 p.m.315 views

CVE-2023-33137

CVE-2023-33137 is an Excel remote code execution vulnerability affecting Microsoft Excel. Public details in connected sources identify Excel 2016 (32/64‑bit) as impacted and point to a security update KB5002405 that resolves the issue. The CVSS-derived data in the initial record indicates local a...

7.8CVSS7.8AI score0.02748EPSS
In wild
CVE
CVE
added 2017/05/12 2:0 p.m.307 views

CVE-2017-0281

CVE-2017-0281 / CVE-2017-0262 describe a remote code execution flaw in Microsoft Office and related components triggered by memory handling errors while processing specially crafted Office files (EPS in particular). Affected products include Office 2010 SP2, Office 2013 SP1, Office 2016, and broa...

9.3CVSS8.1AI score0.80734EPSS
In wild
Total number of security vulnerabilities1024