Lucene search
K
MicrosoftOffice Compatibility Pack

206 matches found

CVE
CVE
added 2018/01/10 1:0 a.m.2387 views

CVE-2018-0802

CVE-2018-0802 is a Microsoft Office memory corruption/remote code execution vulnerability in the Equation Editor, triggered by crafted OLE/embedded objects in Office documents. Affected products include Office 2007, 2010, 2013, and 2016; the issue arises from the way Office handles in-memory obje...

9.3CVSS8.5AI score0.93289EPSS
In wild
CVE
CVE
added 2018/01/10 1:0 a.m.1316 views

CVE-2018-0798

The CVE-2018-0798 entry concerns a memory corruption vulnerability in Microsoft Office (Word/Equation Editor) across Office 2007–2016. The root cause is how certain objects are handled in memory, enabling remote code execution when a specially crafted file is opened. Connected documents indicate ...

9.3CVSS8.8AI score0.95121EPSS
In wild
CVE
CVE
added 2015/04/14 8:0 p.m.1220 views

CVE-2015-1641

CVE-2015-1641 is a Microsoft Office memory-corruption vulnerability triggered by crafted RTF documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoin...

9.3CVSS9.4AI score0.97327EPSS
In wild
CVE
CVE
added 2013/11/06 11:0 a.m.1132 views

CVE-2013-3906

CVE-2013-3906 is a memory corruption vulnerability in Microsoft Windows Graphics Component (TIFF handling) that could allow remote code execution. It affected GDI+ in Windows Vista SP2/Server 2008 SP2 and Office suites (Office 2003 SP3, 2007 SP3, 2010 SP1/SP2, Office Compatibility Pack SP3) and L...

9.3CVSS9.4AI score0.84971EPSS
In wild
CVE
CVE
added 2016/12/20 5:54 a.m.1091 views

CVE-2016-7262

CVE-2016-7262 is a Microsoft Office vulnerability (Microsoft Excel family) described as a Security Feature Bypass: a crafted cell mishandled on click can allow user-assisted remote command execution. Affected products include Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, Office Compatibi...

7.8CVSS7.8AI score0.58204EPSS
In wild
CVE
CVE
added 2014/03/24 7:0 p.m.1062 views

CVE-2014-1761

CVE-2014-1761 is a memory-corruption vulnerability in Microsoft Word triggered by crafted RTF data, allowing remote code execution or memory-corruption denial of service. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, 2013 and 2013 RT, Word Viewer, Office Compatibility Pack SP3,...

9.3CVSS9.3AI score0.77734EPSS
In wild
CVE
CVE
added 2012/12/12 12:0 a.m.997 views

CVE-2012-2539

CVE-2012-2539 is Microsoft Word remote code execution vulnerability caused by parsing crafted RTF data (Word RTF 'listoverridecount'). It affects Word 2003 SP3, 2007 SP2/SP3, 2010 SP1; Word Viewer; Office Compatibility Pack SP2/SP3; and Office Web Apps 2010 SP1. The underlying issue is memory cor...

9.3CVSS8.2AI score0.53159EPSS
In wild
CVE
CVE
added 2009/06/10 5:37 p.m.996 views

CVE-2009-0563

CVE-2009-0563 is a Stack-based buffer overflow in Microsoft Word components that allows remote code execution when a user opens a crafted Word document with an invalid length field. Affected products include Word 2002 SP3, 2003 SP3, Word 2007 SP1/SP2, Office for Mac 2004/2008, Open XML File Forma...

9.3CVSS8.1AI score0.63081EPSS
In wild
CVE
CVE
added 2009/06/10 6:0 p.m.992 views

CVE-2009-0557

CVE-2009-0557 describes an Object Record Corruption vulnerability in Microsoft Office Excel across multiple platforms (Office 2000 SP3, XP SP3, 2003 SP3, Mac editions, and Excel Viewer/Compatibility Pack). The root cause is a malformed record object in an Excel file, enabling remote code executio...

9.3CVSS7.5AI score0.58551EPSS
In wild
CVE
CVE
added 2016/10/14 1:0 a.m.955 views

CVE-2016-7193

Summary of CVE-2016-7193 : A memory corruption flaw in Microsoft Office’s handling of RTF documents allows remote code execution on affected Office products (Word 2007 SP2, Office 2010 SP2, Word 2013/2016, Word for Mac variants, Office Web Apps Server, etc.). The root cause is a vulnerability in ...

9.3CVSS7.8AI score0.57705EPSS
In wild
CVE
CVE
added 2017/10/13 1:0 p.m.937 views

CVE-2017-11826

CVE-2017-11826 is a remote code execution flaw in Microsoft Office family (Word, Word Viewer, Office Web Apps Server, SharePoint components, etc.) caused by improper handling of objects in memory. Affected products include Word and related Office/SharePoint servers; exploitation is possible via s...

9.3CVSS7.9AI score0.81627EPSS
In wild
CVE
CVE
added 2015/07/14 9:0 p.m.936 views

CVE-2015-2424

CVE-2015-2424: Microsoft Office memory corruption in PowerPoint/Word components allows remote code execution or memory corruption via a crafted Office document. Affected products include PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, an...

9.3CVSS9.3AI score0.38497EPSS
In wild
CVE
CVE
added 2018/12/12 12:0 a.m.504 views

CVE-2018-8628

CVE-2018-8628 is a remote code execution vulnerability affecting Microsoft PowerPoint and related Office components (Office, SharePoint, PowerPoint Viewer, etc.) caused by improper handling of objects in memory. The Nessus/OpenVAS entries confirm the vulnerability across PowerPoint and Office pro...

9.3CVSS6.1AI score0.162EPSS
CVE
CVE
added 2018/01/10 1:0 a.m.213 views

CVE-2018-0797

CVE-2018-0797 affects Microsoft Word components in Office 2010/2013/2016 where remote code execution can occur through specially crafted RTF content due to memory handling. Public details show Word memory corruption vulnerability enabling code execution when opening malicious files. Microsoft rel...

9.3CVSS8.2AI score0.24764EPSS
In wild
CVE
CVE
added 2018/01/10 1:0 a.m.207 views

CVE-2018-0812

The CVE-2018-0812 entry describes a remote code execution vulnerability in Equation Editor across Office products (Word/Office 2003, 2007, 2010, 2013, 2016) due to how objects are handled in memory. The issue affects Word/Office components when processing crafted files, enabling code execution on...

9.3CVSS8.2AI score0.23877EPSS
In wild
CVE
CVE
added 2018/08/15 5:0 p.m.197 views

CVE-2018-8378

CVE-2018-8378 describes an information disclosure in Microsoft Office when Office reads out-of-bounds memory due to an uninitialized variable, potentially exposing memory contents. Affected components include Word, SharePoint Server, Word/Excel Viewers, and related Office products. Connected Open...

5.5CVSS4.9AI score0.06849EPSS
CVE
CVE
added 2012/05/09 12:0 a.m.196 views

CVE-2012-1847

CVE-2012-1847 affects Microsoft Office Excel and related components (Excel 2003 SP3; Excel 2007 SP2/SP3; Excel 2010 SP1; Office for Mac 2008/2011; Excel Viewer; Office Compatibility Pack SP2/SP3). The vulnerability stems from memory handling when opening specially crafted spreadsheets, enabling r...

9.3CVSS7.9AI score0.25099EPSS
CVE
CVE
added 2013/01/09 6:0 p.m.184 views

CVE-2013-0007

CVE-2013-0007 impacts Microsoft XML Core Services (MSXML) versions 4.0–6.0. A parsing fault in MSXML can allow remote code execution when a user visits a crafted web page (MSXML XSLT vulnerability). Affected components include MSXML DLLs; root cause is improper XML content parsing. Mitigation is ...

9.3CVSS7.5AI score0.31574EPSS
CVE
CVE
added 2016/06/16 1:0 a.m.173 views

CVE-2016-0025

CVE-2016-0025 is a memory corruption vulnerability in Microsoft Office products that allows remote code execution via a crafted Office document. Affected software includes Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Wo...

9.3CVSS7.2AI score0.16722EPSS
CVE
CVE
added 2012/05/09 12:0 a.m.171 views

CVE-2012-0142

CVE-2012-0142 involves a memory corruption vulnerability in Microsoft Excel/file format handling (OBJECTLINK record) that can be triggered by opening a crafted spreadsheet, leading to remote code execution. Affected products include Excel 2003 SP3, 2007 SP2/SP3, 2010 SP1, Office for Mac 2008, Exc...

9.3CVSS7.4AI score0.21596EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.163 views

CVE-2013-3848

CVE-2013-3848 affects Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer, allowing remote code execution or memory corruption via a crafted Off...

9.3CVSS7.5AI score0.21139EPSS
CVE
CVE
added 2012/05/09 12:0 a.m.162 views

CVE-2012-0184

CVE-2012-0184 affects Microsoft Excel and related Office components: Excel 2003 SP3, 2007 SP2/SP3, 2010 Gold/SP1; Office for Mac 2008/2011; Excel Viewer; Office Compatibility Pack SP2/SP3. The issue is a memory handling error when opening a crafted spreadsheet, enabling remote code execution. Thi...

9.3CVSS7.5AI score0.24221EPSS
CVE
CVE
added 2011/09/15 10:0 a.m.158 views

CVE-2011-1988

Microsoft Excel heap memory corruption vulnerability (MS11-072) tied to parsing BIFF2 records in Excel files can allow remote code execution. Affected products include Excel 2003 SP3, 2007 SP2, Office 2007 SP2, Office for Mac variants, Open XML Converter for Mac, Excel Viewer SP2, and related Mac...

9.3CVSS7.4AI score0.18609EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.158 views

CVE-2013-1315

CVE-2013-1315 is a remote code execution/memory corruption vulnerability affecting Microsoft Office components. The public records identify affected products as Microsoft SharePoint Server 2007 SP3, 2010 SP1/SP2, 2013; Office Web Apps 2010; Excel 2003 SP3/2007 SP3/2010 SP1/SP2/2013/2013 RT; Offic...

9.3CVSS7.6AI score0.28702EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.156 views

CVE-2009-2500

This CVE corresponds to MS09-062: GDI+ WMF Integer Overflow Vulnerability. Affected are Microsoft GDI+ image-processing paths used by WMF, PNG, TIFF, BMP handling across Windows components and Office/Viewer products (e.g., IE6, Office suites, Visio, Project, SQL/Report Viewer, Forefront Client Se...

9.3CVSS7.9AI score0.23647EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.156 views

CVE-2009-2528

CVE-2009-2528 is a memory corruption vulnerability in GDI+ used by Microsoft Office XP/2000 when parsing Office Art Property Tables. A crafted Office document can trigger remote code execution. Microsoft Security Bulletin MS09-062 (KB957488) provides patches; apply the MS09-062 updates to remedia...

9.3CVSS7.2AI score0.20452EPSS
CVE
CVE
added 2012/10/09 9:0 p.m.156 views

CVE-2012-2528

CVE-2012-2528 is a use-after-free remote code execution vulnerability in Microsoft Word and related components triggered by specially crafted RTF documents. Affected products include Word 2003 SP3, Word 2007 SP2/SP3, Word 2010 SP1, Word Viewer, Office Compatibility Pack SP2/SP3, Word Automation S...

9.3CVSS7.5AI score0.22117EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.155 views

CVE-2017-8509

CVE-2017-8509 is an Office remote code execution vulnerability that arises when Office components mishandle objects in memory, allowing an attacker to take control of an affected system if a user opens a crafted Office file. Public details in connected documents indicate the vulnerability affects...

9.3CVSS7.2AI score0.18238EPSS
CVE
CVE
added 2012/05/09 12:0 a.m.154 views

CVE-2012-0183

CVE-2012-0183 affects Microsoft Word 2003 SP3, Word 2007 SP2/SP3, Word 2008/2011 for Mac, and Office Compatibility Pack SP2/SP3. The vulnerability arises in parsing crafted RTF data, causing memory corruption that can allow remote code execution or denial of service. The issue is addressed by Mic...

9.3CVSS7.7AI score0.24412EPSS
CVE
CVE
added 2012/11/14 12:0 a.m.154 views

CVE-2012-2543

CVE-2012-2543 is a stack-based buffer overflow in Microsoft Excel components (Windows: Excel 2007 SP2/SP3, Excel 2010 SP1; Mac: Office 2011; Excel Viewer; Office Compatibility Pack SP2/SP3). The vulnerability arises while handling crafted spreadsheets, enabling remote code execution. Connected so...

9.3CVSS7.9AI score0.26204EPSS
CVE
CVE
added 2018/01/10 1:0 a.m.149 views

CVE-2018-0793

CVE-2018-0793 is a remote code execution vulnerability in Microsoft Outlook (and related Office components) triggered by parsing email messages. The OpenVAS/macOS Nessus entries confirm the issue affecting Outlook parsing and the macOS Office stack, with unrelated Word updates listed in connected...

9.3CVSS8.3AI score0.2057EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.147 views

CVE-2011-0097

CVE-2011-0097 is a Microsoft Excel integer-overflow in the 400h substream parsing that can trigger a stack-based buffer overflow and remote code execution. Affected are Excel on Windows (2002 SP3/2003 SP3/2007 SP2/2010) and Mac variants, plus related File Format converters/viewers. The vulnerabil...

9.3CVSS7.6AI score0.38221EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.147 views

CVE-2013-3850

CVE-2013-3850 is a memory corruption vulnerability in Microsoft Word components that allows remote code execution or a denial of service when processing a crafted Office document. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, Office Compatibility Pack SP3, and Word Viewer. Root...

9.3CVSS7.6AI score0.20043EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.145 views

CVE-2009-3126

CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...

9.3CVSS9.7AI score0.23461EPSS
CVE
CVE
added 2012/11/14 12:0 a.m.145 views

CVE-2012-1885

CVE-2012-1885 is a heap-based buffer overflow in Microsoft Excel components that affects Excel 2003 SP3, 2007 SP2/SP3, 2010 SP1, Office for Mac 2008/2011, and Office Compatibility Pack SP2/SP3. The root cause is a SerAuxErrBar heap overflow triggered by processing a crafted spreadsheet, enabling ...

9.3CVSS7.9AI score0.29287EPSS
CVE
CVE
added 2012/05/09 12:0 a.m.143 views

CVE-2012-0141

CVE-2012-0141 affects Microsoft Excel and related Office components across Windows and Mac platforms (Excel 2003 SP3, 2007 SP2/SP3, 2010 SP1/Gold, Office 2011 for Mac, Excel Viewer, Office Compatibility Pack). The root cause is memory corruption during parsing/opening specially crafted Excel/RTF ...

9.3CVSS7.5AI score0.21769EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.139 views

CVE-2017-0254

CVE-2017-0254 concerns a remote code execution in Microsoft Office applications (Word, PowerPoint, etc.) and related components when the software fails to properly handle objects in memory. The vulnerability affects multiple Office products across Windows and macOS (e.g., Word 2007, Office 2010 S...

9.3CVSS7.6AI score0.19817EPSS
CVE
CVE
added 2011/06/16 8:21 p.m.138 views

CVE-2011-1273

Microsoft Excel (Windows: 2002/2003/2007/2010; Mac: 2004/2008/2011; Open XML Converter for Mac; Excel Viewer; Office Compatibility Pack) is affected by CVE-2011-1273 due to improper validation/parsing of Excel records. Multiple advisories attribute the issue to parsing errors (record-type handlin...

9.3CVSS7.6AI score0.16968EPSS
CVE
CVE
added 2013/01/09 6:0 p.m.136 views

CVE-2013-0006

CVE-2013-0006 is associated with OSIsoft PI Interface for OPC XML-DA (ICS advisory ICSA-20-315-01) and Microsoft MSXML/MS13-002 context. Connected documents identify the affected product as PI Interface for OPC XML-DA versions prior to 1.7.3.x, where the vulnerability stems from numeric errors/st...

9.3CVSS7.5AI score0.28084EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.136 views

CVE-2013-3852

CVE-2013-3852 affects Microsoft Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer. The vulnerability is a memory corruption flaw in Word that can be triggered by a crafted Office document, enabling remote code execution or a denial of service. The OpenVAS...

9.3CVSS7.6AI score0.20043EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.136 views

CVE-2017-8631

CVE-2017-8744 is a remote code execution in Microsoft Office components caused by improper handling of in-memory objects, leading to memory corruption. Documented affected software includes Excel Services and Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, as well as related Office Web...

9.3CVSS7.6AI score0.16358EPSS
CVE
CVE
added 2018/10/10 1:0 p.m.132 views

CVE-2018-8432

CVE-2018-8432 is a remote code execution in Microsoft Graphics Components. It affects Windows and Office components (e.g., Office, Word Viewer, Excel Viewer, PowerPoint Viewer) across multiple Windows and Office versions; the underlying issue is how Graphics Components handle objects in memory. E...

9.3CVSS8.2AI score0.19629EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.130 views

CVE-2017-11854

CVE-2017-11854 affects Microsoft Word 2007 SP3, Word 2010 SP2, Office 2010 SP2, and Office Compatibility Pack SP3. The root cause is improper handling of memory-resident objects, enabling arbitrary code execution in the context of the current user when a specially crafted file is opened. In the d...

9.3CVSS8.1AI score0.08356EPSS
CVE
CVE
added 2018/01/10 1:0 a.m.129 views

CVE-2018-0804

The CVE-2018-0804 entry concerns a remote code execution in the Equation Editor of Microsoft Office 2003–2016 due to the way in-memory objects are handled. Affected software includes Office 2003, 2007, 2010, 2013, and 2016; the root cause is improper handling of objects in memory within the Equat...

9.3CVSS8.3AI score0.24398EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.127 views

CVE-2009-2501

CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...

9.3CVSS9.7AI score0.26824EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.124 views

CVE-2017-11878

CVE-2017-11878 affects multiple Microsoft Excel/Office components (Excel 2007 SP3, 2017-era Excel/Viewer and Office Compatibility Pack SP3). The vulnerability arises from improper handling of objects in memory, leading to memory corruption that can allow an attacker to execute arbitrary code in t...

9.3CVSS7.4AI score0.06167EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.119 views

CVE-2017-8742

Two CVEs (CVE-2017-8742 and CVE-2017-8743) describe remote code execution in Microsoft PowerPoint family and associated server/web apps due to improper handling of objects in memory. CVE-2017-8742 affects PowerPoint up to 2016, PowerPoint Viewer 2007, SharePoint Server 2013 SP1, SharePoint Enterp...

9.3CVSS8AI score0.21319EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.117 views

CVE-2009-2502

CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...

9.3CVSS9.7AI score0.22025EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.116 views

CVE-2017-11877

CVE-2017-11877 describes a security feature bypass in Microsoft Excel where macro settings were not enforced on a document, potentially allowing macros to run when they should be blocked. Connected MS KB update notes show the issue affects Excel 2016 (and related Excel entry points) and can be mi...

5.5CVSS6.2AI score0.04546EPSS
CVE
CVE
added 2019/03/06 12:0 a.m.116 views

CVE-2019-0669

CVE-2019-0669 is an information-disclosure vulnerability in Microsoft Excel where memory contents can be disclosed when a crafted document is opened. The issue arises from Excel failing to properly isolate or protect memory contents during document processing, enabling an attacker to obtain data ...

6.5CVSS5.9AI score0.0643EPSS
Total number of security vulnerabilities206