Lucene search
K
MicrosoftOffice Long Term Servicing Channel

368 matches found

CVE
CVE
added 2023/03/14 4:55 p.m.2003 views

CVE-2023-23397

CVE-2023-23397 is an Elevation of Privilege in Microsoft Outlook for Windows. Multiple connected sources describe exploitation via Outlook calendar reminders using a UNC path in the MAPI property PidLidReminderFileParameter, causing the victim to contact an attacker-controlled SMB share and leak ...

9.8CVSS8.3AI score0.97408EPSS
In wild
CVE
CVE
added 2021/11/10 12:47 a.m.1333 views

CVE-2021-42292

CVE-2021-42292 is a Microsoft Excel Security Feature Bypass vulnerability in Microsoft Excel that enables local privilege bypass (local access required). The vulnerability is documented across multiple feeds, with patched fixes provided by Microsoft via Patch Tuesday advisories. Connected sources...

7.8CVSS7.6AI score0.31949EPSS
In wild
CVE
CVE
added 2023/06/17 12:29 a.m.1163 views

CVE-2023-28295

CVE-2023-28295 is a Microsoft Publisher remote code execution vulnerability affecting Publisher components (notably Publisher 2013) with a CVSS v3.1 base score of 7.8 (HIGH) and LOCAL attack vector, requiring user interaction. The issue is addressed by Microsoft security updates (e.g., KB5002213 ...

7.8CVSS7.7AI score0.00742EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.1097 views

CVE-2024-21413

Summary of CVE-2024-21413 (Microsoft Outlook / Moniker Link): A vulnerability in Outlook where crafted Moniker Link URLs (often via file:///UNC paths) can trigger an automatic SMB access, potentially leaking the user’s NTLM hash to an attacker. Multiple PoCs on GitHub demonstrate delivering malic...

9.8CVSS9.6AI score0.9466EPSS
In wild
CVE
CVE
added 2023/09/12 4:58 p.m.812 views

CVE-2023-36761

CVE-2023-36761 is a Microsoft Word information disclosure vulnerability. Connected sources note exploitation in the wild and indicate NTLM relay as a possible attack outcome. Affected products include various Word/Office deployments (Microsoft Word/Office suite). The vulnerability is being tracke...

6.5CVSS6AI score0.18959EPSS
In wild
CVE
CVE
added 2023/02/14 7:33 p.m.696 views

CVE-2023-21716

CVE-2023-21716 corresponds to a Microsoft Word/Office remote code execution vulnerability. A heap corruption flaw resides in Word’s wwlib when parsing RTF font tables with an excessive number of fonts in the fonttbl, causing an out-of-bounds write that can lead to arbitrary code execution when a ...

9.8CVSS9.6AI score0.82302EPSS
In wild
CVE
CVE
added 2023/07/11 5:3 p.m.638 views

CVE-2023-35311

Technical details about CVE-2023-35311 are not publicly available in the provided connected documents. The sources confirm a Microsoft Outlook security feature bypass but do not specify root cause, affected versions, or fixes. Monitor for updates.

8.8CVSS7.9AI score0.15966EPSS
In wild
CVE
CVE
added 2023/09/12 4:58 p.m.571 views

CVE-2023-36762

CVE-2023-36762 is a Microsoft Word remote code execution vulnerability. The available documents confirm an impact on Word and related Word components, with an exploit path requiring user interaction and local access (CVSS 3.1: AV=L, AC=L, PR=None, UI=Required, C/H/I/H/A=L). Public details note po...

7.3CVSS7.3AI score0.01017EPSS
CVE
CVE
added 2024/08/08 8:45 p.m.549 views

CVE-2024-38200

CVE-2024-38200 affects Microsoft Office (e.g., Office 2019 MSO Build 1808; Microsoft 365 MSO 2403/16.0.17425.20176) where Office URI schemes (eg, ms-word:ofe|u|http://…) trigger automatic NTLM authentication. The underlying issue is the Office URI handling that can fetch remote documents and caus...

9.1CVSS7.5AI score0.19534EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.518 views

CVE-2023-36767

CVE-2023-36767 is a Microsoft Office security feature bypass vulnerability (CVSS v3.1 base 4.3, MEDIUM) affecting Office components across platforms. The available connected docs describe the issue as a security feature bypass with impact of circumvention of security measures (Office Excel noted ...

4.3CVSS4.8AI score0.03324EPSS
CVE
CVE
added 2026/01/26 5:6 p.m.515 views

CVE-2026-21509

CVE-2026-21509 is a Microsoft Office security feature bypass triggered by reliance on untrusted inputs in a security decision, enabling a local attacker to bypass OLE protections after a user opens a crafted document. Affected products include Office 2016, 2019, LTSC 2021/2024 and Microsoft 365 A...

7.8CVSS5.9AI score0.72152EPSS
In wild
CVE
CVE
added 2025/11/11 5:59 p.m.514 views

CVE-2025-59240

CVE-2025-59240 is an information-disclosure vulnerability in Microsoft Excel (Office) due to improper authorization validation that can allow a local attacker to obtain sensitive data. Connected sources confirm impact across Microsoft Excel products (including various Office/Excel editions and 20...

5.5CVSS5AI score0.00579EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.511 views

CVE-2023-36763

CVE-2023-36763 is a Microsoft Outlook information disclosure vulnerability. Public documentation identifies it as affecting Outlook 2016 (KB5002499) and related Office/Outlook components; severity is high (CVSSv3.1: 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The vulnerability orig...

7.5CVSS7.2AI score0.01908EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.472 views

CVE-2023-36766

CVE-2023-36766 is a Microsoft Excel information-disclosure vulnerability, affecting Excel/Office components. The vulnerability enables information disclosure with a local attack surface and requires user interaction. Public details in connected documents confirm affected products (Microsoft Excel...

7.8CVSS6AI score0.01487EPSS
CVE
CVE
added 2025/11/11 5:59 p.m.466 views

CVE-2025-60728

Microsoft Excel (Office) contains an information-disclosure vulnerability: untrusted pointer dereference in Excel could disclose sensitive data over a network (CVE-2025-60728). Exploitation requires network access and user interaction. The provided documents show a Medium-severity CVSS/impact, an...

4.3CVSS5AI score0.00703EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.451 views

CVE-2023-41764

CVE-2023-41764 is a Microsoft Office spoofing vulnerability. The connected sources confirm the issue affects Office suites on MSI-based installations (Office 2016) and is addressed by accompanying security updates: KB5002498 (Office 2016, MSI) and related advisories for older Office versions (KB5...

5.5CVSS5.6AI score0.0119EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.385 views

CVE-2024-20673

CVE-2024-20673 is a Microsoft Office remote code execution vulnerability tracked across multiple office-product advisories. Public docs show high-severity risk (CVSS v3.1: 7.8), with exploitation described as a remote code execution requiring local access and user interaction in some vectors. Con...

7.8CVSS7.7AI score0.01177EPSS
CVE
CVE
added 2024/09/10 4:53 p.m.384 views

CVE-2024-38226

CVE-2024-38226 is a Microsoft Publisher security feature bypass vulnerability that enables bypass of Mark of the Web protections. The issue affects Microsoft Publisher (and related Office components) and stems from a security feature bypass in MOWeb, allowing files downloaded from the Internet to...

7.3CVSS8.2AI score0.02667EPSS
In wild
CVE
CVE
added 2023/06/17 12:29 a.m.322 views

CVE-2023-28287

CVE-2023-28287 is a Microsoft Publisher Remote Code Execution vulnerability affecting Publisher 2013. The public details in the provided documents indicate exploitation could yield a high-impact breach if a user opens a malicious Publisher file, with a CVSS base score of 7.8 (HIGH) and a Local, l...

7.8CVSS7.7AI score0.00742EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.306 views

CVE-2024-21378

The connected document describes a GitHub exploit example for CVE-2024-21378 targeting Microsoft Outlook via Exchange Online. It claims to execute arbitrary code by delivering a malicious COM DLL embedded in a form attachment, loaded into the Outlook process after user interaction in the thick cl...

8.8CVSS7.8AI score0.11064EPSS
CVE
CVE
added 2024/08/13 5:30 p.m.296 views

CVE-2024-38189

CVE-2024-38189 is a remote code execution vulnerability in Microsoft Project. The CVE description and CNNVD/MSRC references indicate an input validation error in Microsoft Project that can allow remote code execution, with a CVSS v3.1 base score of 8.8 (HIGH) and exploitability requiring user int...

8.8CVSS8.9AI score0.07871EPSS
In wild
CVE
CVE
added 2024/11/12 5:54 p.m.286 views

CVE-2024-49033

CVE-2024-49033 – Microsoft Word Security Feature Bypass : A security feature bypass in Word (Office) that can lead to high-impact exposure. The CVSSv3.1 base score is 7.5 (Network, High difficulty, User interaction required). Microsoft has released a security update (KB5002619) for Word 2016 via ...

7.5CVSS7.4AI score0.02072EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.280 views

CVE-2022-38048

CVE-2022-38048 — Microsoft Office Remote Code Execution is documented as an Office remote code execution vulnerability. Public sources in the provided documents identify Office components as affected and indicate that exploitation could result in executing arbitrary code on the user’s system. Mic...

7.8CVSS7.8AI score0.01509EPSS
CVE
CVE
added 2023/08/08 5:8 p.m.280 views

CVE-2023-36897

CVE-2023-36897 is a spoofing vulnerability in the Visual Studio Tools for Office (VSTO) Runtime. It can allow impersonation of another user and is tied to Office/VSTO deployments. Evidence from multiple sources (MSRC/KB5029497, Nessus plugin, NCSC advisory) indicates the issue affects VSTO runtim...

8.1CVSS7AI score0.01603EPSS
CVE
CVE
added 2024/01/09 5:56 p.m.267 views

CVE-2024-20677

CVE-2024-20677 is a Microsoft Office RCE vulnerability tied to inserting FBX 3D files. MS mitigation disables the FBX insertion feature in Word, Excel, PowerPoint and Outlook on Windows and Mac; affected Office versions (Office 2019, 2021, Office LTSC for Mac 2021, Microsoft 365) lose the ability...

7.8CVSS7.8AI score0.0326EPSS
CVE
CVE
added 2022/03/09 5:7 p.m.266 views

CVE-2022-24462

CVE-2022-24462 is a Microsoft Word/Office vulnerability described as a Security Feature Bypass. Connected sources also reference CVE-2022-24511 (Word tampering) affecting Word/Office products; several Nes­sus plugins list Word and Office components, with March 2022 updates addressing multiple Off...

5.5CVSS5.6AI score0.01941EPSS
CVE
CVE
added 2025/02/11 5:58 p.m.266 views

CVE-2025-21381

CVE-2025-21381 is a Microsoft Excel remote code execution vulnerability affecting Excel 2016 (KB5002687) and related Office Excel components. Public references indicate an RCE path via Excel, with the initial entry listing Excel as the affected product and the security update KB5002687 fixing it....

7.8CVSS7.9AI score0.01113EPSS
CVE
CVE
added 2022/03/09 5:8 p.m.259 views

CVE-2022-24510

CVE-2022-24510 affects Microsoft Office Visio and is described as a remote code execution vulnerability. NVD reports base scores of 6.8 (CVSS2.0) and 7.8 (CVSS3.1) with impact on confidentiality, integrity, and availability. The CVSS3.1 vector indicates a local exploit with user interaction requi...

7.8CVSS7.8AI score0.02847EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.255 views

CVE-2024-21379

CVE-2024-21379 is a Microsoft Word remote code execution vulnerability. The entry concerns Word (notably Word 2016) and is documented with a CVSS v3.1 base score of 7.8 (High) with a local attack vector, low attack complexity, and requiring user interaction; impact is high on confidentiality, int...

7.8CVSS7.8AI score0.01719EPSS
CVE
CVE
added 2023/03/14 4:55 p.m.252 views

CVE-2023-23399

The CVE-2023-23399 vulnerability affects Microsoft Excel (Office/Excel) and is described as a remote code execution vulnerability. Exploit-DB reports a case for Microsoft Excel 365 MSO (64-bit) v2302 build 16.0.16130.20186 with RCE via a specially crafted file, illustrating a crafted-file attack ...

7.8CVSS7.8AI score0.02532EPSS
CVE
CVE
added 2022/08/09 7:55 p.m.242 views

CVE-2022-34717

CVE-2022-34717 is a Microsoft Office remote code execution vulnerability with impact on Office products such as 2013/2016 and Office 365 (Click-to-Run). The CVSSv3.1 base vector is NETWORK, with HIGH impact on confidentiality, integrity, and availability; attacker needs user interaction. The root...

8.8CVSS8.7AI score0.01595EPSS
CVE
CVE
added 2022/03/09 5:8 p.m.237 views

CVE-2022-24511

Technical details about CVE-2022-24511 are not publicly provided in the connected documents. Monitor for updates from official advisories.

5.5CVSS5.6AI score0.01023EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.227 views

CVE-2024-21384

CVE-2024-21384 refers to a remote code execution vulnerability in Microsoft Office OneNote. Multiple sources (NVD/CNVD) describe an attacker abusing OneNote to run arbitrary code on a vulnerable system, with the documented impact of full code execution. The CVSS v3.1 vector in the initial documen...

7.8CVSS8.2AI score0.00849EPSS
CVE
CVE
added 2022/03/09 5:7 p.m.226 views

CVE-2022-24461

CVE-2022-24461 affects Microsoft Office Visio, with a boundary/EMF processing flaw in EMR_COMMENT_EMFPLUS records that allows remote code execution. Public metadata reports a high-severity impact (CVSSv3.1: Local, Low/None Privilege, UI Required, with High Confidentiality, Integrity, and Availabi...

7.8CVSS7.8AI score0.02847EPSS
CVE
CVE
added 2023/06/05 6:26 p.m.224 views

CVE-2023-29344

CVE-2023-29344 is Microsoft Office Remote Code Execution vulnerability affecting multiple Office products (e.g., Word, Excel, Office suite components) with CVSS v3.1 base score 7.8 (HIGH). The linked sources indicate a "Remote Code Execution" issue and, in the NCSC advisory, list CVE-2023-29344 u...

7.8CVSS7.7AI score0.00922EPSS
CVE
CVE
added 2022/04/15 7:5 p.m.222 views

CVE-2022-26901

Technical details are not provided in the supplied documents. No affected products, versions, root cause, impact, or fixes are listed here. Monitor official advisories for updates.

7.8CVSS7.8AI score0.02583EPSS
CVE
CVE
added 2022/06/15 9:52 p.m.222 views

CVE-2022-30174

CVE-2022-30174 is a Microsoft Office Remote Code Execution vulnerability. Public records (NVD, MSRC, and related feeds) describe it as affecting Microsoft Office/Office components (e.g., Excel, SharePoint) with a root cause leading to arbitrary code execution. The CVSSv3.1 assessment (vector CVSS...

7.8CVSS7.9AI score0.03278EPSS
CVE
CVE
added 2022/07/12 10:37 p.m.222 views

CVE-2022-33632

CVE-2022-33632 is a Microsoft Office security feature bypass vulnerability affecting Office variants (e.g., 2013/2016 and Click-to-Run Office 365). Root cause: bypass of security features in Office; impact per CVSS indicates high integrity impact but no confidentiality/availability impact, with l...

4.7CVSS4.9AI score0.01103EPSS
CVE
CVE
added 2021/11/10 12:46 a.m.221 views

CVE-2021-40442

CVE-2021-40442 is a Microsoft Excel remote code execution vulnerability. The connected Nessus/NVIDIA sources reiterate that Excel can be exploited to run arbitrary code (RCE) on the target, with exploitation possible via Microsoft Excel/Office components. The vulnerability is addressed by Microso...

7.8CVSS7.6AI score0.0207EPSS
CVE
CVE
added 2022/02/09 4:36 p.m.221 views

CVE-2022-22003

CVE-2022-22003 : Microsoft Office Graphics Remote Code Execution Vulnerability. The connected Nessus/NASL data indicate this vulnerability allows execution of arbitrary code via a crafted Office Graphics file, requiring a local user to open a malicious file. Remediation is documented in Microsoft...

7.8CVSS7.8AI score0.02491EPSS
CVE
CVE
added 2023/05/09 5:3 p.m.219 views

CVE-2023-24953

CVE-2023-24953 corresponds to a Microsoft Excel remote code execution vulnerability. Public documents describe impact as the ability to execute arbitrary code in Excel, enabling local or user-initiated exploitation. The vulnerability is addressed by Microsoft security updates for Excel (e.g., KB5...

7.8CVSS7.8AI score0.00705EPSS
CVE
CVE
added 2023/05/09 5:3 p.m.217 views

CVE-2023-29335

CVE-2023-29335 – Microsoft Word Security Feature Bypass Vulnerability is documented with concrete remediation in Microsoft Word updates. Affected product: Word (Office). The issue is a security feature bypass (not a traditional memory/remote-code-exec hole) and has a CVSSv3.1 base score of 7.5 (N...

7.5CVSS7.4AI score0.01164EPSS
CVE
CVE
added 2023/04/11 7:14 p.m.212 views

CVE-2023-28311

CVE-2023-28311 affects Microsoft Word and enables local remote code execution when a user opens a specially crafted Word file. Exploitation requires user interaction (opening a file) and the attack is carried out locally via social engineering. Publicly available details indicate there are public...

7.8CVSS7.8AI score0.02719EPSS
CVE
CVE
added 2022/03/09 5:8 p.m.209 views

CVE-2022-24509

CVE-2022-24509 affects Microsoft Office Visio and is described as a Remote Code Execution Vulnerability. The NVD entry lists a CVSSv3.1 base score of 7.8 (HIGH) with local attack vector, user interaction required, and high impact on confidentiality, integrity, and availability; CVSSv2 indicates b...

7.8CVSS7.8AI score0.02847EPSS
CVE
CVE
added 2023/04/11 7:13 p.m.202 views

CVE-2023-28285

CVE-2023-28285 is a Microsoft Office remote code execution vulnerability affecting Office products (including Microsoft 365 Apps/Office for enterprise). The issue enables code execution through a specially crafted file that a user must open, aligning with a local attack vector and requiring user ...

7.8CVSS7.8AI score0.03011EPSS
CVE
CVE
added 2022/05/10 8:34 p.m.200 views

CVE-2022-29109

CVE-2022-29109 affects Microsoft Excel and is described as a remote code execution vulnerability in Excel/Office components. The Open-related documents confirm affected products include Excel and Office Web Apps, with remediation via Microsoft security updates (e.g., KB5002205 for the Office Onli...

7.8CVSS7.9AI score0.02562EPSS
CVE
CVE
added 2024/12/10 5:49 p.m.197 views

CVE-2024-49069

CVE-2024-49069 is an Excel remote code execution vulnerability in Microsoft Office. The issue targets Excel components and can let an attacker execute arbitrary code by tricking a user into opening a maliciously crafted file. The entry lists a CVSS v3.1 base score of 7.8 (High) with LOCAL attack ...

7.8CVSS7.8AI score0.01124EPSS
CVE
CVE
added 2023/03/14 4:55 p.m.196 views

CVE-2023-23398

Technical details about CVE-2023-23398 are not provided in the supplied documents. Public information in these sources is limited; monitor for updates from official advisories (MSRC) and vendors.

7.1CVSS6AI score0.00617EPSS
CVE
CVE
added 2023/08/08 5:8 p.m.194 views

CVE-2023-36896

CVE-2023-36896 is a Microsoft Excel remote code execution vulnerability affecting the Excel/Office components. The connected documents confirm the issue is a remote code execution flaw in Excel that can be triggered locally and requires user interaction for exploitation, with high impact (C/H/I/H...

7.8CVSS7.8AI score0.01084EPSS
CVE
CVE
added 2023/06/01 1:9 a.m.193 views

CVE-2022-35742

CVE-2022-35742 is a Microsoft Outlook Denial of Service vulnerability. Public sources (CVE entry, MSRC update page, and third‑party summaries) describe it as a DoS that can crash the Outlook client when processing a crafted message. The vulnerability is reported to be exploitable via network‑deli...

7.5CVSS7.3AI score0.22441EPSS
Total number of security vulnerabilities368