Lucene search
K
MicrosoftOffice 365 Proplus

84 matches found

CVE
CVE
added 2019/01/08 9:0 p.m.1182 views

CVE-2019-0585

CVE-2019-0585 is a remote code execution vulnerability in Microsoft Word/Office products caused by improper handling of objects in memory. Exploitation could occur via specially crafted Word files, potentially in contexts like email/preview panes, with the attacker gaining the same user rights as...

9.3CVSS8.3AI score0.21967EPSS
CVE
CVE
added 2019/09/11 9:25 p.m.1090 views

CVE-2019-1297

CVE-2019-1297 is a Microsoft Excel remote code execution vulnerability caused by improper handling of memory objects. An attacker can exploit it by convincing a user to open a specially crafted file, executing arbitrary code in the user’s context (higher impact if admin). The vulnerability is add...

9.3CVSS8.8AI score0.21805EPSS
In wild
CVE
CVE
added 2019/01/08 9:0 p.m.1077 views

CVE-2019-0541

CVE-2019-0541 – MSHTML Engine Remote Code Execution involves an input validation vulnerability in the MSHTML engine that can let an attacker execute arbitrary code on affected systems. Affected software includes Internet Explorer (IE9/10/11), Microsoft Office components (Office/Word/Excel viewers...

9.3CVSS7.9AI score0.53202EPSS
In wild
CVE
CVE
added 2018/12/12 12:0 a.m.503 views

CVE-2018-8628

CVE-2018-8628 is a remote code execution vulnerability affecting Microsoft PowerPoint and related Office components (Office, SharePoint, PowerPoint Viewer, etc.) caused by improper handling of objects in memory. The Nessus/OpenVAS entries confirm the vulnerability across PowerPoint and Office pro...

9.3CVSS6.1AI score0.162EPSS
CVE
CVE
added 2019/07/15 6:56 p.m.274 views

CVE-2019-1084

CVE-2019-1084 affects Microsoft Exchange (display name creation with non-printable characters) leading to information disclosure. Root cause: display names with invalid characters bypass visibility controls and can be added to conversations; impact is partial confidentiality exposure per CVSS dat...

6.5CVSS5.3AI score0.05328EPSS
CVE
CVE
added 2019/07/29 2:9 p.m.213 views

CVE-2019-1111

CVE-2019-1111 describes a remote code execution vulnerability in Microsoft Excel due to improper handling of in-memory objects. Exploitation could allow arbitrary code execution in the context of the current user; with administrative rights, control of the system is possible. The vulnerability is...

9.3CVSS8.8AI score0.1316EPSS
CVE
CVE
added 2020/01/14 11:11 p.m.211 views

CVE-2020-0650

CVE-2020-0650 : A remote code execution vulnerability in Microsoft Excel/VBA objects handling in memory. Connected documents (Nessus/OpenVAS plugins) tie this CVE to multiple Office/Excel vulnerabilities discovered in January 2020, affecting Excel components across various Office suites (includin...

9.3CVSS7.9AI score0.17168EPSS
CVE
CVE
added 2019/08/14 8:55 p.m.204 views

CVE-2019-1201

CVE-2019-1201 affects Microsoft Word; it is a remote code execution in Word’s memory handling when processing crafted files. Exploitation requires a user to open a specially crafted Word document, with attack vectors including email attachments (or previews in Outlook) and web-hosted files. The v...

9.3CVSS8AI score0.0486EPSS
CVE
CVE
added 2020/04/15 3:12 p.m.204 views

CVE-2020-0760

CVE-2020-0760 is a remote code execution vulnerability affecting Microsoft Office products (Word/Excel/PowerPoint/Visio) via improper loading of arbitrary type libraries. The root cause is how Office loads type libraries, which could allow an attacker to execute arbitrary code in the context of t...

8.8CVSS8.5AI score0.0861EPSS
CVE
CVE
added 2019/07/29 2:8 p.m.199 views

CVE-2019-1110

CVE-2019-1110 affects Microsoft Excel; a remote code execution vulnerability exists when Excel fails to properly handle objects in memory. Exploitation could allow running arbitrary code in the user’s context; impact is high. The issue is addressed by Microsoft Office security updates in the July...

9.3CVSS8.8AI score0.1316EPSS
CVE
CVE
added 2019/08/14 8:55 p.m.187 views

CVE-2019-1155

CVE-2019-1155 is a Jet Database Engine remote code execution vulnerability in Windows. It arises from improper handling of in-memory objects, enabling an attacker to run arbitrary code on a victim system by enticing the user to open a specially crafted file. The update fixes how the Jet Database ...

9.3CVSS8.6AI score0.04269EPSS
CVE
CVE
added 2019/09/11 9:24 p.m.185 views

CVE-2019-1246

CVE-2019-1246 is a remote code execution vulnerability in the Windows Jet Database Engine caused by improper handling of in-memory objects. The Nessus plugin for Security Updates for Microsoft Office products C2R (September 2019) confirms this CVE and notes that the update fixes the Jet Database ...

9.3CVSS8.5AI score0.12643EPSS
CVE
CVE
added 2019/11/12 6:53 p.m.166 views

CVE-2019-1448

CVE-2019-1448 is a Microsoft Excel remote code execution vulnerability. The connected documents describe that Excel fails to properly handle objects in memory, leading to the execution of arbitrary code when a user opens a specially crafted file (as seen in Office/Excel advisories and Nessus entr...

9.3CVSS7.9AI score0.28178EPSS
CVE
CVE
added 2019/01/08 9:0 p.m.164 views

CVE-2019-0582

CVE-2019-0582 is a remote code execution flaw in the Windows Jet Database Engine caused by improper handling of objects in memory. The vulnerability affects multiple Windows versions and can be triggered when a user opens a specially crafted file, enabling arbitrary code execution with the attack...

9.3CVSS8AI score0.12314EPSS
CVE
CVE
added 2020/01/14 11:11 p.m.157 views

CVE-2020-0652

CVE-2020-0652 is a remote code execution vulnerability in Microsoft Office caused by improper handling of memory objects. The NVD entry lists a CVSSv3.1 vector of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H with a base score of 7.8 (HIGH), indicating a local exploit requiring user interaction an...

7.8CVSS7.8AI score0.16962EPSS
CVE
CVE
added 2020/03/12 3:48 p.m.156 views

CVE-2020-0850

CVE-2020-0850 is a Microsoft Word remote code execution vulnerability. The issue arises when Word fails to correctly handle objects in memory, enabling an attacker to craft a file that, when opened by a user, could execute code in the current user’s security context. Exploitation would require th...

8.8CVSS7.9AI score0.0861EPSS
CVE
CVE
added 2019/09/11 9:24 p.m.155 views

CVE-2019-1263

CVE-2019-1263 — Microsoft Excel Information Disclosure . The connected Nessus/Office update docs confirm an information disclosure in Excel where memory contents may be exposed. The vulnerability is tied to Excel's handling of in-memory objects, enabling potential leakage of sensitive data. The O...

5.5CVSS6AI score0.07768EPSS
CVE
CVE
added 2019/12/10 9:40 p.m.148 views

CVE-2019-1461

CVE-2019-1461 is a denial-of-service vulnerability in Microsoft Word where the program fails to properly handle objects in memory. An attacker can trigger a remote DoS by sending a specially crafted document that, when opened, crashes Word or makes the system unavailable. The vulnerability has ne...

7.1CVSS6.1AI score0.04643EPSS
CVE
CVE
added 2019/08/14 8:55 p.m.145 views

CVE-2019-1205

CVE-2019-1205 is a remote code execution flaw in Microsoft Word caused by improper handling of in‑memory objects. An attacker can deliver a specially crafted Word file via email or a compromised website to run code in the current user’s security context, requiring user interaction to open the fil...

9.8CVSS8.1AI score0.03968EPSS
CVE
CVE
added 2020/04/15 3:13 p.m.145 views

CVE-2020-0961

Summary (supported by provided documents): CVE-2020-0961 is a remote code execution vulnerability in the Microsoft Office Access Connectivity Engine that occurs when the engine improperly handles memory objects. The Nessus plugin for Office C2R April 2020 explicitly lists CVE-2020-0961 among mult...

9.3CVSS8.1AI score0.11548EPSS
CVE
CVE
added 2020/04/15 3:12 p.m.144 views

CVE-2020-0906

Microsoft Excel contains a remote code execution vulnerability (CVE-2020-0906) where the application fails to properly handle objects in memory, allowing code to run in the attacker’s context. The Nessus updates describe Excel-specific RCEs and note that Office products were missing updates as of...

9.3CVSS8.8AI score0.11261EPSS
CVE
CVE
added 2020/04/15 3:13 p.m.141 views

CVE-2020-0980

CVE-2020-0980 is a Microsoft Word remote code execution vulnerability caused by improper handling of in-memory objects. It affects Word/Office when parsing crafted files; the impact is potential code execution in the current user context. In public docs, the vulnerability is addressed by the Offi...

9.3CVSS8.3AI score0.11548EPSS
CVE
CVE
added 2019/05/16 6:17 p.m.138 views

CVE-2019-0953

CVE-2019-0953 is a remote-code-execution vulnerability in Microsoft Word caused by improper handling of objects in memory. The issue affects Word components across Office clients (notably Word 2016/2019) and can be triggered by a specially crafted file, enabling code execution in the caller’s sec...

9.3CVSS7.9AI score0.12934EPSS
CVE
CVE
added 2020/02/11 9:23 p.m.138 views

CVE-2020-0759

CVE-2020-0759 is a Microsoft Excel remote code execution vulnerability. The provided sources consistently describe a flaw where Excel mismanages in‑memory objects, enabling an attacker to execute arbitrary code in the context of the current user. The entry is linked to Microsoft Excel/Office, wit...

9.3CVSS8.8AI score0.15168EPSS
CVE
CVE
added 2020/01/14 11:11 p.m.135 views

CVE-2020-0651

CVE-2020-0651 is a remote code execution vulnerability in Microsoft Excel/Office where memory objects are mishandled, allowing arbitrary code execution in the context of the current user via crafted files. Connected documents corroborate that multiple Excel/Office variants (Windows/macOS) and rel...

9.3CVSS7.9AI score0.17168EPSS
CVE
CVE
added 2019/06/12 1:49 p.m.133 views

CVE-2019-1035

Microsoft Word remote code execution (CVE-2019-1035) arises from improper handling of in-memory objects, enabling a specially crafted Word file to execute actions in the caller’s security context. Exploitation requires the user to open the crafted file, with delivery vectors including email attac...

9.3CVSS7.6AI score0.06558EPSS
CVE
CVE
added 2018/10/10 1:0 p.m.132 views

CVE-2018-8432

CVE-2018-8432 is a remote code execution in Microsoft Graphics Components. It affects Windows and Office components (e.g., Office, Word Viewer, Excel Viewer, PowerPoint Viewer) across multiple Windows and Office versions; the underlying issue is how Graphics Components handle objects in memory. E...

9.3CVSS8.2AI score0.19629EPSS
CVE
CVE
added 2019/09/11 9:24 p.m.132 views

CVE-2019-1264

Summary (CVE-2019-1264) : A security feature bypass in Microsoft Office arises from improper handling of input within Office components. Connected sources confirm this as a Microsoft Office input-handling vulnerability that can allow an attacker to execute arbitrary commands when a user opens a s...

7.8CVSS7.5AI score0.03803EPSS
CVE
CVE
added 2020/04/15 3:13 p.m.132 views

CVE-2020-0991

CVE-2020-0991 is a Microsoft Office remote code execution vulnerability caused by improper handling of objects in memory. The issue affects Office components (Word, Excel, PowerPoint, Visio, Publisher and related engines) and can allow an attacker to execute arbitrary code in the context of the c...

9.3CVSS8.4AI score0.11548EPSS
CVE
CVE
added 2020/03/12 3:48 p.m.130 views

CVE-2020-0892

CVE-2020-0892 is a Microsoft Word remote code execution vulnerability. The linked documents confirm Word is vulnerable when it fails to properly handle objects in memory, allowing a crafted file to run code in the current user’s context. The issue is tied to multiple Word-related CVEs and is disc...

9.3CVSS8AI score0.11548EPSS
CVE
CVE
added 2019/10/10 1:28 p.m.128 views

CVE-2019-1331

CVE-2019-1331 is a Microsoft Excel remote code execution vulnerability caused by improper handling of in-memory objects. The Red Hat CVE entries and NVD description identify it as an Excel memory‑handling issue that enables RCE when exploited, with no further exploit details provided in the suppl...

9.3CVSS8.8AI score0.17876EPSS
CVE
CVE
added 2018/11/14 1:0 a.m.126 views

CVE-2018-8574

CVE-2018-8574 is a remote code execution flaw in Microsoft Excel/Office caused by how the program handles objects in memory. An attacker could exploit this by opening a specially crafted file, executing arbitrary code under the current user’s context (potentially with admin rights). Public-connec...

9.3CVSS7.9AI score0.19059EPSS
CVE
CVE
added 2019/12/10 9:40 p.m.125 views

CVE-2019-1464

CVE-2019-1464 is an information disclosure vulnerability in Microsoft Excel where memory contents can be improperly disclosed. The Red Hat entry and Nessus/OpenVAS advisories corroborate that Excel (Office) memory handling flaws enable exposure of user data. The concrete impact stated is informat...

5.5CVSS5AI score0.08123EPSS
CVE
CVE
added 2019/12/10 9:40 p.m.124 views

CVE-2019-1462

CVE-2019-1462 is a remote code execution vulnerability affecting Microsoft PowerPoint/Office where memory objects are mishandled. The Red Hat advisory reiterates the same remote code execution issue, and various Nessus/OpenVAS entries tie the vulnerability to PowerPoint versions across Windows/ma...

9.3CVSS7.9AI score0.18328EPSS
CVE
CVE
added 2018/11/14 1:0 a.m.123 views

CVE-2018-8573

CVE-2018-8573 is a remote code execution vulnerability in Microsoft Word/Office products caused by improper handling of objects in memory. The vulnerability could allow an attacker to execute arbitrary code in the security context of the current user when a specially crafted file is opened. Multi...

9.3CVSS7.9AI score0.19059EPSS
CVE
CVE
added 2019/04/09 8:16 p.m.120 views

CVE-2019-0828

CVE-2019-0828 is a Microsoft Excel remote code execution vulnerability caused by improper handling of memory objects in Excel. The Red Hat advisory and openvas/nessus entries confirm Excel (Office) is affected; the issue can allow remote code execution with the current user’s privileges, potentia...

9.3CVSS7.8AI score0.1371EPSS
CVE
CVE
added 2019/06/12 1:49 p.m.118 views

CVE-2019-1034

CVE-2019-1034 affects Microsoft Word/Office where in-memory handling of objects can be exploited to run remote code after a user opens a crafted file. Exploitation relies on social/vector delivery (email or web), with the attacker gaining the same rights as the logged-on user. The vulnerability i...

9.3CVSS7.6AI score0.04885EPSS
CVE
CVE
added 2019/03/06 12:0 a.m.116 views

CVE-2019-0669

CVE-2019-0669 is an information-disclosure vulnerability in Microsoft Excel where memory contents can be disclosed when a crafted document is opened. The issue arises from Excel failing to properly isolate or protect memory contents during document processing, enabling an attacker to obtain data ...

6.5CVSS5.9AI score0.0643EPSS
CVE
CVE
added 2019/12/10 9:40 p.m.116 views

CVE-2019-1400

CVE-2019-1400 is an information-disclosure vulnerability in Microsoft Access caused by improper handling of objects in memory. The NVD entry describes a memory handling flaw that allows partial confidentiality exposure when an attacker can trigger the condition locally. The CVSS‑3.1 vector is AV:...

5.5CVSS5AI score0.02158EPSS
CVE
CVE
added 2020/03/12 3:48 p.m.116 views

CVE-2020-0855

Summary of CVE-2020-0855 (Microsoft Word RCE) : The connected documents describe a remote code execution flaw in Microsoft Word related to improper handling of objects in memory. An attacker could craft a file that, when opened by a user, runs code in the security context of that user. Exploitati...

9.3CVSS8AI score0.11548EPSS
CVE
CVE
added 2019/10/10 1:28 p.m.115 views

CVE-2019-1327

CVE-2019-1327 is a remote code execution vulnerability in Microsoft Excel caused by improper handling of objects in memory. The Red Hat records also list CVE-2019-1331 as related, sharing the same underlying issue. Public sources in the provided documents describe the issue but do not include con...

9.3CVSS8.8AI score0.12627EPSS
CVE
CVE
added 2018/11/14 1:0 a.m.114 views

CVE-2018-8577

CVE-2018-8577 affects Microsoft Excel (and related Office components). The vulnerability arises when Excel fails to properly handle objects in memory, enabling a remote code execution where an attacker could run arbitrary code in the context of the current user. CVSSv3 vector indicates a local at...

9.3CVSS7.9AI score0.19059EPSS
CVE
CVE
added 2019/03/06 12:0 a.m.114 views

CVE-2019-0540

CVE-2019-0540 is a security feature bypass in Microsoft Office where URLs are not properly validated, enabling phishing-style credential theft when a victim opens a specially crafted file (Word component). The vulnerability is addressed by Microsoft Office security updates released in February 20...

5.5CVSS5.5AI score0.12783EPSS
CVE
CVE
added 2019/01/08 9:0 p.m.113 views

CVE-2019-0561

CVE-2019-0561 is an information-disclosure vulnerability in Microsoft Word/Office related to improper handling of Word fields, specifically via Word macro buttons. The issue allows reading arbitrary files from the targeted system. Multiple Nessus/OpenVAS entries and advisories group CVE-2019-0561...

5.5CVSS6.1AI score0.08243EPSS
CVE
CVE
added 2019/03/06 12:0 a.m.112 views

CVE-2019-0671

CVE-2019-0671 affects the Microsoft Office Access Connectivity Engine. The vulnerability is a memory handling flaw that could allow remote code execution when a user opens a specially crafted file. The issue is addressed by Office security updates released in February 2019 for Office C2R; monitor...

9.3CVSS7.9AI score0.14817EPSS
CVE
CVE
added 2020/04/15 3:13 p.m.112 views

CVE-2020-0979

CVE-2020-0979 is a Microsoft Excel remote code execution vulnerability caused by improper handling of memory objects. The connected Nessus docs (SMB_NT_MS20_APR_EXCEL_C2R.NASL and related plugins) confirm Excel RCE tied to memory object handling and indicate April 2020 Office updates address CVE-...

9.3CVSS8.8AI score0.11261EPSS
CVE
CVE
added 2018/12/12 12:0 a.m.111 views

CVE-2018-8587

CVE-2018-8587 is a remote code execution vulnerability in Microsoft Outlookrelated products (Office/Outlook and Office 365 ProPlus) caused by improper handling of objects in memory. The connected Nessus/OpenVAS entries tie the flaw to Outlook components (including Outlook 2010/2013/2016 and Offic...

9.3CVSS6.1AI score0.28782EPSS
CVE
CVE
added 2019/01/08 9:0 p.m.111 views

CVE-2019-0559

Microsoft Outlook Information Disclosure Vulnerability (CVE-2019-0559) affects Outlook and Office suite components, arising from improper handling of certain messages. The vulnerability is described as an information disclosure issue with Confidentiality impact (C), per CVSS3 vector CVSS:3.0/AV:N...

6.5CVSS5.9AI score0.06783EPSS
CVE
CVE
added 2019/01/08 9:0 p.m.110 views

CVE-2019-0560

This CVE-2019-0560 entry concerns a memory-based information disclosure in Microsoft Office and Office 365 ProPlus. Affected products are Microsoft Office components; root cause is improper handling of memory contents, enabling disclosure of sensitive data. Documented impact is information disclo...

5.5CVSS5.1AI score0.08729EPSS
CVE
CVE
added 2019/04/09 8:16 p.m.110 views

CVE-2019-0822

CVE-2019-0822 is a remote code execution vulnerability in Microsoft Graphics Components related to how objects are handled in memory. Reports from MSRC and OpenVAS indicate exploitation requires a user to open a specially crafted file, enabling an attacker to execute arbitrary code on the target ...

9.3CVSS7.8AI score0.1371EPSS
Total number of security vulnerabilities84