206 matches found
CVE-2018-0802
CVE-2018-0802 is a Microsoft Office memory corruption/remote code execution vulnerability in the Equation Editor, triggered by crafted OLE/embedded objects in Office documents. Affected products include Office 2007, 2010, 2013, and 2016; the issue arises from the way Office handles in-memory obje...
CVE-2018-0798
The CVE-2018-0798 entry concerns a memory corruption vulnerability in Microsoft Office (Word/Equation Editor) across Office 2007–2016. The root cause is how certain objects are handled in memory, enabling remote code execution when a specially crafted file is opened. Connected documents indicate ...
CVE-2015-1641
CVE-2015-1641 is a Microsoft Office memory-corruption vulnerability triggered by crafted RTF documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoin...
CVE-2013-3906
CVE-2013-3906 is a memory corruption vulnerability in Microsoft Windows Graphics Component (TIFF handling) that could allow remote code execution. It affected GDI+ in Windows Vista SP2/Server 2008 SP2 and Office suites (Office 2003 SP3, 2007 SP3, 2010 SP1/SP2, Office Compatibility Pack SP3) and L...
CVE-2016-7262
CVE-2016-7262 is a Microsoft Office vulnerability (Microsoft Excel family) described as a Security Feature Bypass: a crafted cell mishandled on click can allow user-assisted remote command execution. Affected products include Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, Office Compatibi...
CVE-2014-1761
CVE-2014-1761 is a memory-corruption vulnerability in Microsoft Word triggered by crafted RTF data, allowing remote code execution or memory-corruption denial of service. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, 2013 and 2013 RT, Word Viewer, Office Compatibility Pack SP3,...
CVE-2012-2539
CVE-2012-2539 is Microsoft Word remote code execution vulnerability caused by parsing crafted RTF data (Word RTF 'listoverridecount'). It affects Word 2003 SP3, 2007 SP2/SP3, 2010 SP1; Word Viewer; Office Compatibility Pack SP2/SP3; and Office Web Apps 2010 SP1. The underlying issue is memory cor...
CVE-2009-0563
CVE-2009-0563 is a Stack-based buffer overflow in Microsoft Word components that allows remote code execution when a user opens a crafted Word document with an invalid length field. Affected products include Word 2002 SP3, 2003 SP3, Word 2007 SP1/SP2, Office for Mac 2004/2008, Open XML File Forma...
CVE-2009-0557
CVE-2009-0557 describes an Object Record Corruption vulnerability in Microsoft Office Excel across multiple platforms (Office 2000 SP3, XP SP3, 2003 SP3, Mac editions, and Excel Viewer/Compatibility Pack). The root cause is a malformed record object in an Excel file, enabling remote code executio...
CVE-2016-7193
Summary of CVE-2016-7193 : A memory corruption flaw in Microsoft Office’s handling of RTF documents allows remote code execution on affected Office products (Word 2007 SP2, Office 2010 SP2, Word 2013/2016, Word for Mac variants, Office Web Apps Server, etc.). The root cause is a vulnerability in ...
CVE-2017-11826
CVE-2017-11826 is a remote code execution flaw in Microsoft Office family (Word, Word Viewer, Office Web Apps Server, SharePoint components, etc.) caused by improper handling of objects in memory. Affected products include Word and related Office/SharePoint servers; exploitation is possible via s...
CVE-2015-2424
CVE-2015-2424: Microsoft Office memory corruption in PowerPoint/Word components allows remote code execution or memory corruption via a crafted Office document. Affected products include PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, an...
CVE-2018-8628
CVE-2018-8628 is a remote code execution vulnerability affecting Microsoft PowerPoint and related Office components (Office, SharePoint, PowerPoint Viewer, etc.) caused by improper handling of objects in memory. The Nessus/OpenVAS entries confirm the vulnerability across PowerPoint and Office pro...
CVE-2018-0797
CVE-2018-0797 affects Microsoft Word components in Office 2010/2013/2016 where remote code execution can occur through specially crafted RTF content due to memory handling. Public details show Word memory corruption vulnerability enabling code execution when opening malicious files. Microsoft rel...
CVE-2018-0812
The CVE-2018-0812 entry describes a remote code execution vulnerability in Equation Editor across Office products (Word/Office 2003, 2007, 2010, 2013, 2016) due to how objects are handled in memory. The issue affects Word/Office components when processing crafted files, enabling code execution on...
CVE-2018-8378
CVE-2018-8378 describes an information disclosure in Microsoft Office when Office reads out-of-bounds memory due to an uninitialized variable, potentially exposing memory contents. Affected components include Word, SharePoint Server, Word/Excel Viewers, and related Office products. Connected Open...
CVE-2012-1847
CVE-2012-1847 affects Microsoft Office Excel and related components (Excel 2003 SP3; Excel 2007 SP2/SP3; Excel 2010 SP1; Office for Mac 2008/2011; Excel Viewer; Office Compatibility Pack SP2/SP3). The vulnerability stems from memory handling when opening specially crafted spreadsheets, enabling r...
CVE-2013-0007
CVE-2013-0007 impacts Microsoft XML Core Services (MSXML) versions 4.0–6.0. A parsing fault in MSXML can allow remote code execution when a user visits a crafted web page (MSXML XSLT vulnerability). Affected components include MSXML DLLs; root cause is improper XML content parsing. Mitigation is ...
CVE-2016-0025
CVE-2016-0025 is a memory corruption vulnerability in Microsoft Office products that allows remote code execution via a crafted Office document. Affected software includes Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Wo...
CVE-2012-0142
CVE-2012-0142 involves a memory corruption vulnerability in Microsoft Excel/file format handling (OBJECTLINK record) that can be triggered by opening a crafted spreadsheet, leading to remote code execution. Affected products include Excel 2003 SP3, 2007 SP2/SP3, 2010 SP1, Office for Mac 2008, Exc...
CVE-2013-3848
CVE-2013-3848 affects Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer, allowing remote code execution or memory corruption via a crafted Off...
CVE-2012-0184
CVE-2012-0184 affects Microsoft Excel and related Office components: Excel 2003 SP3, 2007 SP2/SP3, 2010 Gold/SP1; Office for Mac 2008/2011; Excel Viewer; Office Compatibility Pack SP2/SP3. The issue is a memory handling error when opening a crafted spreadsheet, enabling remote code execution. Thi...
CVE-2011-1988
Microsoft Excel heap memory corruption vulnerability (MS11-072) tied to parsing BIFF2 records in Excel files can allow remote code execution. Affected products include Excel 2003 SP3, 2007 SP2, Office 2007 SP2, Office for Mac variants, Open XML Converter for Mac, Excel Viewer SP2, and related Mac...
CVE-2013-1315
CVE-2013-1315 is a remote code execution/memory corruption vulnerability affecting Microsoft Office components. The public records identify affected products as Microsoft SharePoint Server 2007 SP3, 2010 SP1/SP2, 2013; Office Web Apps 2010; Excel 2003 SP3/2007 SP3/2010 SP1/SP2/2013/2013 RT; Offic...
CVE-2009-2500
This CVE corresponds to MS09-062: GDI+ WMF Integer Overflow Vulnerability. Affected are Microsoft GDI+ image-processing paths used by WMF, PNG, TIFF, BMP handling across Windows components and Office/Viewer products (e.g., IE6, Office suites, Visio, Project, SQL/Report Viewer, Forefront Client Se...
CVE-2009-2528
CVE-2009-2528 is a memory corruption vulnerability in GDI+ used by Microsoft Office XP/2000 when parsing Office Art Property Tables. A crafted Office document can trigger remote code execution. Microsoft Security Bulletin MS09-062 (KB957488) provides patches; apply the MS09-062 updates to remedia...
CVE-2012-2528
CVE-2012-2528 is a use-after-free remote code execution vulnerability in Microsoft Word and related components triggered by specially crafted RTF documents. Affected products include Word 2003 SP3, Word 2007 SP2/SP3, Word 2010 SP1, Word Viewer, Office Compatibility Pack SP2/SP3, Word Automation S...
CVE-2017-8509
CVE-2017-8509 is an Office remote code execution vulnerability that arises when Office components mishandle objects in memory, allowing an attacker to take control of an affected system if a user opens a crafted Office file. Public details in connected documents indicate the vulnerability affects...
CVE-2012-0183
CVE-2012-0183 affects Microsoft Word 2003 SP3, Word 2007 SP2/SP3, Word 2008/2011 for Mac, and Office Compatibility Pack SP2/SP3. The vulnerability arises in parsing crafted RTF data, causing memory corruption that can allow remote code execution or denial of service. The issue is addressed by Mic...
CVE-2012-2543
CVE-2012-2543 is a stack-based buffer overflow in Microsoft Excel components (Windows: Excel 2007 SP2/SP3, Excel 2010 SP1; Mac: Office 2011; Excel Viewer; Office Compatibility Pack SP2/SP3). The vulnerability arises while handling crafted spreadsheets, enabling remote code execution. Connected so...
CVE-2018-0793
CVE-2018-0793 is a remote code execution vulnerability in Microsoft Outlook (and related Office components) triggered by parsing email messages. The OpenVAS/macOS Nessus entries confirm the issue affecting Outlook parsing and the macOS Office stack, with unrelated Word updates listed in connected...
CVE-2011-0097
CVE-2011-0097 is a Microsoft Excel integer-overflow in the 400h substream parsing that can trigger a stack-based buffer overflow and remote code execution. Affected are Excel on Windows (2002 SP3/2003 SP3/2007 SP2/2010) and Mac variants, plus related File Format converters/viewers. The vulnerabil...
CVE-2013-3850
CVE-2013-3850 is a memory corruption vulnerability in Microsoft Word components that allows remote code execution or a denial of service when processing a crafted Office document. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, Office Compatibility Pack SP3, and Word Viewer. Root...
CVE-2009-3126
CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...
CVE-2012-1885
CVE-2012-1885 is a heap-based buffer overflow in Microsoft Excel components that affects Excel 2003 SP3, 2007 SP2/SP3, 2010 SP1, Office for Mac 2008/2011, and Office Compatibility Pack SP2/SP3. The root cause is a SerAuxErrBar heap overflow triggered by processing a crafted spreadsheet, enabling ...
CVE-2012-0141
CVE-2012-0141 affects Microsoft Excel and related Office components across Windows and Mac platforms (Excel 2003 SP3, 2007 SP2/SP3, 2010 SP1/Gold, Office 2011 for Mac, Excel Viewer, Office Compatibility Pack). The root cause is memory corruption during parsing/opening specially crafted Excel/RTF ...
CVE-2017-0254
CVE-2017-0254 concerns a remote code execution in Microsoft Office applications (Word, PowerPoint, etc.) and related components when the software fails to properly handle objects in memory. The vulnerability affects multiple Office products across Windows and macOS (e.g., Word 2007, Office 2010 S...
CVE-2011-1273
Microsoft Excel (Windows: 2002/2003/2007/2010; Mac: 2004/2008/2011; Open XML Converter for Mac; Excel Viewer; Office Compatibility Pack) is affected by CVE-2011-1273 due to improper validation/parsing of Excel records. Multiple advisories attribute the issue to parsing errors (record-type handlin...
CVE-2013-0006
CVE-2013-0006 is associated with OSIsoft PI Interface for OPC XML-DA (ICS advisory ICSA-20-315-01) and Microsoft MSXML/MS13-002 context. Connected documents identify the affected product as PI Interface for OPC XML-DA versions prior to 1.7.3.x, where the vulnerability stems from numeric errors/st...
CVE-2013-3852
CVE-2013-3852 affects Microsoft Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer. The vulnerability is a memory corruption flaw in Word that can be triggered by a crafted Office document, enabling remote code execution or a denial of service. The OpenVAS...
CVE-2017-8631
CVE-2017-8744 is a remote code execution in Microsoft Office components caused by improper handling of in-memory objects, leading to memory corruption. Documented affected software includes Excel Services and Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, as well as related Office Web...
CVE-2018-8432
CVE-2018-8432 is a remote code execution in Microsoft Graphics Components. It affects Windows and Office components (e.g., Office, Word Viewer, Excel Viewer, PowerPoint Viewer) across multiple Windows and Office versions; the underlying issue is how Graphics Components handle objects in memory. E...
CVE-2017-11854
CVE-2017-11854 affects Microsoft Word 2007 SP3, Word 2010 SP2, Office 2010 SP2, and Office Compatibility Pack SP3. The root cause is improper handling of memory-resident objects, enabling arbitrary code execution in the context of the current user when a specially crafted file is opened. In the d...
CVE-2018-0804
The CVE-2018-0804 entry concerns a remote code execution in the Equation Editor of Microsoft Office 2003–2016 due to the way in-memory objects are handled. Affected software includes Office 2003, 2007, 2010, 2013, and 2016; the root cause is improper handling of objects in memory within the Equat...
CVE-2009-2501
CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...
CVE-2017-11878
CVE-2017-11878 affects multiple Microsoft Excel/Office components (Excel 2007 SP3, 2017-era Excel/Viewer and Office Compatibility Pack SP3). The vulnerability arises from improper handling of objects in memory, leading to memory corruption that can allow an attacker to execute arbitrary code in t...
CVE-2017-8742
Two CVEs (CVE-2017-8742 and CVE-2017-8743) describe remote code execution in Microsoft PowerPoint family and associated server/web apps due to improper handling of objects in memory. CVE-2017-8742 affects PowerPoint up to 2016, PowerPoint Viewer 2007, SharePoint Server 2013 SP1, SharePoint Enterp...
CVE-2009-2502
CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...
CVE-2017-11877
CVE-2017-11877 describes a security feature bypass in Microsoft Excel where macro settings were not enforced on a document, potentially allowing macros to run when they should be blocked. Connected MS KB update notes show the issue affects Excel 2016 (and related Excel entry points) and can be mi...
CVE-2019-0669
CVE-2019-0669 is an information-disclosure vulnerability in Microsoft Excel where memory contents can be disclosed when a crafted document is opened. The issue arises from Excel failing to properly isolate or protect memory contents during document processing, enabling an attacker to obtain data ...