1024 matches found
CVE-2017-0199
CVE-2017-0199 affects Microsoft Office client suites (Office 2007 SP3, 2010 SP2, 2013 SP1, 2016) and Windows platforms (Vista SP2, Server 2008 SP2, 7 SP1, 8.1). The vulnerability allows remote code execution via a crafted document, exploiting how Office components interact with the Windows API an...
CVE-2017-11882
CVE-2017-11882 is a memory corruption vulnerability in Microsoft Office's Equation Editor that affects Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016. The flaw resides in eqnedt32.exe, an out-of-process COM server, and can lead to remote code execution when a user opens a specially crafted Word do...
CVE-2018-0802
CVE-2018-0802 is a Microsoft Office memory corruption/remote code execution vulnerability in the Equation Editor, triggered by crafted OLE/embedded objects in Office documents. Affected products include Office 2007, 2010, 2013, and 2016; the issue arises from the way Office handles in-memory obje...
CVE-2023-23397
CVE-2023-23397 is an Elevation of Privilege in Microsoft Outlook for Windows. Multiple connected sources describe exploitation via Outlook calendar reminders using a UNC path in the MAPI property PidLidReminderFileParameter, causing the victim to contact an attacker-controlled SMB share and leak ...
CVE-2012-0158
CVE-2012-0158 is a Microsoft/MSCOMCTL.OCX (MS Office) vulnerability that enables remote code execution via a crafted file or document. The initial entry lists vulnerable controls in MSCOMCTL.OCX and notes exploitation in the wild around April 2012 (aka “MSCOMCTL.OCX RCE Vulnerability”). Connected...
CVE-2017-8570
CVE-2017-8570 concerns Microsoft Office and is described as a remote code execution vulnerability caused by how Office handles objects in memory (notably monikers/embedded objects in documents). Multiple connected sources corroborate the vulnerability class as an Office memory object handling iss...
CVE-2021-42292
CVE-2021-42292 is a Security Feature Bypass vulnerability in Microsoft Excel that enables local privilege bypass (local access required). The vulnerability is documented across multiple feeds, with fixes provided by Microsoft via Patch Tuesday advisories. Connected sources...
CVE-2010-3333
CVE-2010-3333 is a stack-based buffer overflow in Microsoft Office’s RTF parser (pFragments shape property) that enables remote code execution via crafted RTF data. Affected products include Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office for Mac 2004/2008, Office for Mac 201...
CVE-2018-0798
The CVE-2018-0798 entry concerns a memory corruption vulnerability in Microsoft Office (Word/Equation Editor) across Office 2007–2016. The root cause is how certain objects are handled in memory, enabling remote code execution when a specially crafted file is opened. Connected documents indicate ...
CVE-2012-1856
CVE-2012-1856 covers a remote code execution vulnerability in the TabStrip ActiveX control (MSCOMCTL.OCX) used by multiple Microsoft Office components and related products. The issue arises from a system-state corruption triggered by crafted (1) documents or (2) web pages, allowing remote attacke...
CVE-2015-1641
CVE-2015-1641 is a Microsoft Office memory-corruption vulnerability triggered by crafted RTF documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoin...
CVE-2019-0585
CVE-2019-0585 is a remote code execution vulnerability in Microsoft Word/Office products caused by improper handling of objects in memory. Exploitation could occur via specially crafted Word files, potentially in contexts like email/preview panes, with the attacker gaining the same user rights as...
CVE-2023-28295
CVE-2023-28295 is a Microsoft Publisher remote code execution vulnerability affecting Publisher components (notably Publisher 2013) with a CVSS v3.1 base score of 7.8 (HIGH) and LOCAL attack vector, requiring user interaction. The issue is addressed by Microsoft security updates (e.g., KB5002213 ...
CVE-2013-3906
CVE-2013-3906 is a memory corruption vulnerability in Microsoft Windows Graphics Component (TIFF handling) that could allow remote code execution. It affected GDI+ in Windows Vista SP2/Server 2008 SP2 and Office suites (Office 2003 SP3, 2007 SP3, 2010 SP1/SP2, Office Compatibility Pack SP3) and L...
CVE-2017-0262
CVE-2017-0262 affects Microsoft Office 2010 SP2, 2013 SP1, and 2016. The issue is a remote code execution vulnerability caused by the software not properly handling objects in memory, referred to as the Office Remote Code Execution vulnerability. The vulnerability is tied to Office products loadi...
CVE-2017-0261
Microsoft Office remote code execution vulnerability (CVE-2017-0261) affects Office 2010 SP2, 2013 SP1, and 2016. Root cause: improper handling of in-memory objects while parsing specially crafted files (EPS/Office formats). Exploitation involves convincing a user to open a crafted file, enabling...
CVE-2021-38646
CVE-2021-38646 is a Microsoft Office Access Connectivity Engine remote code execution vulnerability. The Nessus plugin confirms it affects Office products via the Access connectivity engine and ties remediation to September 2021 Office security updates (e.g., KB5001958 for Office 2013 and KB50019...
CVE-2021-27059
CVE-2021-27059 is a Microsoft Office Remote Code Execution vulnerability with public advisories and multiple security updates. The provided documents indicate affected products include Office 2010, Office 2013, and Office 2016 (32/64‑bit), across multiple Service Packs. The root cause is not expl...
CVE-2019-1297
CVE-2019-1297 is a Microsoft Excel remote code execution vulnerability caused by improper handling of memory objects. An attacker can exploit it by convincing a user to open a specially crafted file, executing arbitrary code in the user’s context (higher impact if admin). The vulnerability is add...
CVE-2013-1331
CVE-2013-1331 is a buffer overflow in Microsoft Office 2003 SP3 and Office for Mac 2011 triggered when parsing PNG data embedded in an Office document, allowing remote attackers to execute arbitrary code. The vulnerability can be exploited through crafted PNG content, potentially via documents th...
CVE-2019-0541
CVE-2019-0541 – MSHTML Engine Remote Code Execution involves an input validation vulnerability in the MSHTML engine that can let an attacker execute arbitrary code on affected systems. Affected software includes Internet Explorer (IE9/10/11), Microsoft Office components (Office/Word/Excel viewers...
CVE-2014-1761
CVE-2014-1761 is a memory-corruption vulnerability in Microsoft Word triggered by crafted RTF data, allowing remote code execution or memory-corruption denial of service. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, 2013 and 2013 RT, Word Viewer, Office Compatibility Pack SP3,...
CVE-2006-2492
CVE-2006-2492 is a buffer overflow in Microsoft Word (Office 2000 SP3, XP SP3, 2003 SP1/SP2) and Microsoft Works through 2006 caused by a malformed object pointer. The flaw allows arbitrary code execution and requires user interaction (via opening a crafted Word/Works document). Affected products...
CVE-2015-1770
CVE-2015-1770 affects Microsoft Office 2013 SP1 and Office 2013 RT SP1, via uninitialized memory use in Office components when processing crafted Office documents, enabling remote code execution. The vulnerability’s impact is high (CVE/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) with network vector and ...
CVE-2009-3129
CVE-2009-3129 concerns a remote-code-execution vulnerability in Microsoft Office Excel and related components caused by a FEATHEADER record with an invalid cbHdrData size that affects a pointer offset. Affected products include Excel 2002 SP3, 2003 SP3, 2007 SP1/SP2, Open XML File Format Converte...
CVE-2009-0563
CVE-2009-0563 is a stack-based buffer overflow in Microsoft Word components that allows remote code execution when a user opens a crafted Word document with an invalid length field. Affected products include Word 2002 SP3, 2003 SP3, Word 2007 SP1/SP2, Office for Mac 2004/2008, Open XML File Forma...
CVE-2009-0557
CVE-2009-0557 describes an Object Record Corruption vulnerability in Microsoft Office Excel across multiple platforms (Office 2000 SP3, XP SP3, 2003 SP3, Mac editions, and Excel Viewer/Compatibility Pack). The root cause is a malformed record object in an Excel file, enabling remote code executio...
CVE-2016-7193
Summary of CVE-2016-7193: A memory corruption flaw in Microsoft Office’s handling of RTF documents allows remote code execution on affected Office products (Word 2007 SP2, Office 2010 SP2, Word 2013/2016, Word for Mac variants, Office Web Apps Server, etc.). The root cause is a vulnerability in ...
CVE-2015-2424
CVE-2015-2424: Microsoft Office memory corruption in PowerPoint/Word components allows remote code execution or memory corruption via a crafted Office document. Affected products include PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, an...
CVE-2015-2545
CVE-2015-2545 affects Microsoft Office (2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1) via a crafted EPS image that triggers memory corruption during EPS parsing, enabling remote code execution. FireEye details describe an EPS-encoded use-after-free in Office’s EPS handling (dict copy/forall flow) le...
CVE-2015-1642
CVE-2015-1642 affects multiple Microsoft Office products (Office 2007 SP3, 2010 SP2, 2013 SP1) via memory corruption when parsing crafted Office files, allowing remote code execution. Microsoft issued MS15-081 with a suite of updates (e.g., 2687409 for Office 2007/2010/2013 components and related...
CVE-2023-36761
CVE-2023-36761 is a Microsoft Word information disclosure vulnerability. Connected sources note exploitation in the wild and indicate NTLM relay as a possible attack outcome. Affected products include various Word/Office deployments (Microsoft Word/Office suite). The vulnerability is being tracke...
CVE-2023-21716
CVE-2023-21716 corresponds to a Microsoft Word/Office remote code execution vulnerability. A heap corruption flaw resides in Word’s wwlib when parsing RTF font tables with an excessive number of fonts in the fonttbl, causing an out-of-bounds write that can lead to arbitrary code execution when a ...
CVE-2023-35311
Technical details about CVE-2023-35311 are not publicly available in the provided connected documents. The sources confirm a Microsoft Outlook security feature bypass but do not specify root cause, affected versions, or fixes. Monitor for updates.
CVE-2023-36762
CVE-2023-36762 is a Microsoft Word remote code execution vulnerability. The available documents confirm an impact on Word and related Word components, with an exploit path requiring user interaction and local access (CVSS 3.1: AV=L, AC=L, PR=None, UI=Required, C/H/I/H/A=L). Public details note po...
CVE-2024-38200
CVE-2024-38200 affects Microsoft Office (e.g., Office 2019 MSO Build 1808; Microsoft 365 MSO 2403/16.0.17425.20176) where Office URI schemes (e.g., ms-word:ofe|u|http://…) trigger automatic NTLM authentication. The underlying issue is the Office URI handling that can fetch remote documents and caus...
CVE-2023-36767
CVE-2023-36767 is a Microsoft Office security feature bypass vulnerability (CVSS v3.1 base 4.3, MEDIUM) affecting Office components across platforms. The available connected docs describe the issue as a security feature bypass with impact of circumvention of security measures (Office Excel noted ...
CVE-2025-59240
CVE-2025-59240 is an information-disclosure vulnerability in Microsoft Excel (Office) due to improper authorization validation that can allow a local attacker to obtain sensitive data. Connected sources confirm impact across Microsoft Excel products (including various Office/Excel editions and 20...
CVE-2023-36763
CVE-2023-36763 is a Microsoft Outlook information disclosure vulnerability. Public documentation identifies it as affecting Outlook 2016 (KB5002499) and related Office/Outlook components; severity is high (CVSSv3.1: 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The vulnerability orig...
CVE-2018-8628
CVE-2018-8628 is a remote code execution vulnerability affecting Microsoft PowerPoint and related Office components (Office, SharePoint, PowerPoint Viewer, etc.) caused by improper handling of objects in memory. The Nessus/OpenVAS entries confirm the vulnerability across PowerPoint and Office pro...
CVE-2026-21509
CVE-2026-21509 is a Microsoft Office security feature bypass triggered by reliance on untrusted inputs in a security decision, enabling a local attacker to bypass OLE protections after a user opens a crafted document. Affected products include Office 2016, 2019, LTSC 2021/2024 and Microsoft 365 A...
CVE-2023-36766
CVE-2023-36766 is a Microsoft Excel information-disclosure vulnerability, affecting Excel/Office components. The vulnerability enables information disclosure with a local attack surface and requires user interaction. Public details in connected documents confirm affected products (Microsoft Excel...
CVE-2023-36765
CVE-2023-36765 is a Microsoft Office Elevation of Privilege vulnerability affecting multiple Office components (Word, Excel, Outlook, SharePoint, etc.). Connected sources identify it as enabling elevation of privileges (impact: high) with CVSS 3.1 base score around 7.8–9.8 across documents, and n...
CVE-2023-41764
CVE-2023-41764 is a Microsoft Office spoofing vulnerability. The connected sources confirm the issue affects Office suites on MSI-based installations (Office 2016) and is addressed by accompanying security updates: KB5002498 (Office 2016, MSI) and related advisories for older Office versions (KB5...
CVE-2018-1028
CVE-2018-1028 is a remote code execution vulnerability in the Office graphics component that occurs when handling specially crafted embedded fonts. It affects Word, Microsoft Office, SharePoint, Excel, and SharePoint Server. Successful exploitation could allow an attacker to take control of the a...
CVE-2024-20673
CVE-2024-20673 is a Microsoft Office remote code execution vulnerability tracked across multiple office-product advisories. Public docs show high-severity risk (CVSS v3.1: 7.8), with exploitation described as a remote code execution requiring local access and user interaction in some vectors. Con...
CVE-2023-28287
CVE-2023-28287 is a Microsoft Publisher Remote Code Execution vulnerability affecting Publisher 2013. The public details in the provided documents indicate exploitation could yield a high-impact breach if a user opens a malicious Publisher file, with a CVSS base score of 7.8 (HIGH) and a Local, l...
CVE-2024-43600
CVE-2024-43600 is a Microsoft Office elevation-of-privilege vulnerability affecting Office components (notably Word/Excel/Access) with a local attack vector and low user interaction requirements. The root cause is described as an elevation of privilege in Office; exploitation can grant total cont...
CVE-2023-33137
CVE-2023-33137 is an Excel remote code execution vulnerability affecting Microsoft Excel. Public details in connected sources identify Excel 2016 (32/64‑bit) as impacted and point to a security update KB5002405 that resolves the issue. The CVSS-derived data in the initial record indicates local a...
CVE-2017-0281
CVE-2017-0281 / CVE-2017-0262 describe a remote code execution flaw in Microsoft Office and related components triggered by memory handling errors while processing specially crafted Office files (EPS in particular). Affected products include Office 2010 SP2, Office 2013 SP1, Office 2016, and broa...