368 matches found
CVE-2023-23397
CVE-2023-23397 is an Elevation of Privilege in Microsoft Outlook for Windows. Multiple connected sources describe exploitation via Outlook calendar reminders using a UNC path in the MAPI property PidLidReminderFileParameter, causing the victim to contact an attacker-controlled SMB share and leak ...
CVE-2021-42292
CVE-2021-42292 is a Microsoft Excel Security Feature Bypass vulnerability in Microsoft Excel that enables local privilege bypass (local access required). The vulnerability is documented across multiple feeds, with patched fixes provided by Microsoft via Patch Tuesday advisories. Connected sources...
CVE-2023-28295
CVE-2023-28295 is a Microsoft Publisher remote code execution vulnerability affecting Publisher components (notably Publisher 2013) with a CVSS v3.1 base score of 7.8 (HIGH) and LOCAL attack vector, requiring user interaction. The issue is addressed by Microsoft security updates (e.g., KB5002213 ...
CVE-2024-21413
Summary of CVE-2024-21413 (Microsoft Outlook / Moniker Link): A vulnerability in Outlook where crafted Moniker Link URLs (often via file:///UNC paths) can trigger an automatic SMB access, potentially leaking the user’s NTLM hash to an attacker. Multiple PoCs on GitHub demonstrate delivering malic...
CVE-2023-36761
CVE-2023-36761 is a Microsoft Word information disclosure vulnerability. Connected sources note exploitation in the wild and indicate NTLM relay as a possible attack outcome. Affected products include various Word/Office deployments (Microsoft Word/Office suite). The vulnerability is being tracke...
CVE-2023-21716
CVE-2023-21716 corresponds to a Microsoft Word/Office remote code execution vulnerability. A heap corruption flaw resides in Word’s wwlib when parsing RTF font tables with an excessive number of fonts in the fonttbl, causing an out-of-bounds write that can lead to arbitrary code execution when a ...
CVE-2023-35311
Technical details about CVE-2023-35311 are not publicly available in the provided connected documents. The sources confirm a Microsoft Outlook security feature bypass but do not specify root cause, affected versions, or fixes. Monitor for updates.
CVE-2023-36762
CVE-2023-36762 is a Microsoft Word remote code execution vulnerability. The available documents confirm an impact on Word and related Word components, with an exploit path requiring user interaction and local access (CVSS 3.1: AV=L, AC=L, PR=None, UI=Required, C/H/I/H/A=L). Public details note po...
CVE-2024-38200
CVE-2024-38200 affects Microsoft Office (e.g., Office 2019 MSO Build 1808; Microsoft 365 MSO 2403/16.0.17425.20176) where Office URI schemes (eg, ms-word:ofe|u|http://…) trigger automatic NTLM authentication. The underlying issue is the Office URI handling that can fetch remote documents and caus...
CVE-2023-36767
CVE-2023-36767 is a Microsoft Office security feature bypass vulnerability (CVSS v3.1 base 4.3, MEDIUM) affecting Office components across platforms. The available connected docs describe the issue as a security feature bypass with impact of circumvention of security measures (Office Excel noted ...
CVE-2026-21509
CVE-2026-21509 is a Microsoft Office security feature bypass triggered by reliance on untrusted inputs in a security decision, enabling a local attacker to bypass OLE protections after a user opens a crafted document. Affected products include Office 2016, 2019, LTSC 2021/2024 and Microsoft 365 A...
CVE-2025-59240
CVE-2025-59240 is an information-disclosure vulnerability in Microsoft Excel (Office) due to improper authorization validation that can allow a local attacker to obtain sensitive data. Connected sources confirm impact across Microsoft Excel products (including various Office/Excel editions and 20...
CVE-2023-36763
CVE-2023-36763 is a Microsoft Outlook information disclosure vulnerability. Public documentation identifies it as affecting Outlook 2016 (KB5002499) and related Office/Outlook components; severity is high (CVSSv3.1: 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The vulnerability orig...
CVE-2023-36766
CVE-2023-36766 is a Microsoft Excel information-disclosure vulnerability, affecting Excel/Office components. The vulnerability enables information disclosure with a local attack surface and requires user interaction. Public details in connected documents confirm affected products (Microsoft Excel...
CVE-2025-60728
Microsoft Excel (Office) contains an information-disclosure vulnerability: untrusted pointer dereference in Excel could disclose sensitive data over a network (CVE-2025-60728). Exploitation requires network access and user interaction. The provided documents show a Medium-severity CVSS/impact, an...
CVE-2023-41764
CVE-2023-41764 is a Microsoft Office spoofing vulnerability. The connected sources confirm the issue affects Office suites on MSI-based installations (Office 2016) and is addressed by accompanying security updates: KB5002498 (Office 2016, MSI) and related advisories for older Office versions (KB5...
CVE-2024-20673
CVE-2024-20673 is a Microsoft Office remote code execution vulnerability tracked across multiple office-product advisories. Public docs show high-severity risk (CVSS v3.1: 7.8), with exploitation described as a remote code execution requiring local access and user interaction in some vectors. Con...
CVE-2024-38226
CVE-2024-38226 is a Microsoft Publisher security feature bypass vulnerability that enables bypass of Mark of the Web protections. The issue affects Microsoft Publisher (and related Office components) and stems from a security feature bypass in MOWeb, allowing files downloaded from the Internet to...
CVE-2023-28287
CVE-2023-28287 is a Microsoft Publisher Remote Code Execution vulnerability affecting Publisher 2013. The public details in the provided documents indicate exploitation could yield a high-impact breach if a user opens a malicious Publisher file, with a CVSS base score of 7.8 (HIGH) and a Local, l...
CVE-2024-21378
The connected document describes a GitHub exploit example for CVE-2024-21378 targeting Microsoft Outlook via Exchange Online. It claims to execute arbitrary code by delivering a malicious COM DLL embedded in a form attachment, loaded into the Outlook process after user interaction in the thick cl...
CVE-2024-38189
CVE-2024-38189 is a remote code execution vulnerability in Microsoft Project. The CVE description and CNNVD/MSRC references indicate an input validation error in Microsoft Project that can allow remote code execution, with a CVSS v3.1 base score of 8.8 (HIGH) and exploitability requiring user int...
CVE-2024-49033
CVE-2024-49033 – Microsoft Word Security Feature Bypass : A security feature bypass in Word (Office) that can lead to high-impact exposure. The CVSSv3.1 base score is 7.5 (Network, High difficulty, User interaction required). Microsoft has released a security update (KB5002619) for Word 2016 via ...
CVE-2022-38048
CVE-2022-38048 — Microsoft Office Remote Code Execution is documented as an Office remote code execution vulnerability. Public sources in the provided documents identify Office components as affected and indicate that exploitation could result in executing arbitrary code on the user’s system. Mic...
CVE-2023-36897
CVE-2023-36897 is a spoofing vulnerability in the Visual Studio Tools for Office (VSTO) Runtime. It can allow impersonation of another user and is tied to Office/VSTO deployments. Evidence from multiple sources (MSRC/KB5029497, Nessus plugin, NCSC advisory) indicates the issue affects VSTO runtim...
CVE-2024-20677
CVE-2024-20677 is a Microsoft Office RCE vulnerability tied to inserting FBX 3D files. MS mitigation disables the FBX insertion feature in Word, Excel, PowerPoint and Outlook on Windows and Mac; affected Office versions (Office 2019, 2021, Office LTSC for Mac 2021, Microsoft 365) lose the ability...
CVE-2022-24462
CVE-2022-24462 is a Microsoft Word/Office vulnerability described as a Security Feature Bypass. Connected sources also reference CVE-2022-24511 (Word tampering) affecting Word/Office products; several Nessus plugins list Word and Office components, with March 2022 updates addressing multiple Off...
CVE-2025-21381
CVE-2025-21381 is a Microsoft Excel remote code execution vulnerability affecting Excel 2016 (KB5002687) and related Office Excel components. Public references indicate an RCE path via Excel, with the initial entry listing Excel as the affected product and the security update KB5002687 fixing it....
CVE-2022-24510
CVE-2022-24510 affects Microsoft Office Visio and is described as a remote code execution vulnerability. NVD reports base scores of 6.8 (CVSS2.0) and 7.8 (CVSS3.1) with impact on confidentiality, integrity, and availability. The CVSS3.1 vector indicates a local exploit with user interaction requi...
CVE-2024-21379
CVE-2024-21379 is a Microsoft Word remote code execution vulnerability. The entry concerns Word (notably Word 2016) and is documented with a CVSS v3.1 base score of 7.8 (High) with a local attack vector, low attack complexity, and requiring user interaction; impact is high on confidentiality, int...
CVE-2023-23399
The CVE-2023-23399 vulnerability affects Microsoft Excel (Office/Excel) and is described as a remote code execution vulnerability. Exploit-DB reports a case for Microsoft Excel 365 MSO (64-bit) v2302 build 16.0.16130.20186 with RCE via a specially crafted file, illustrating a crafted-file attack ...
CVE-2022-34717
CVE-2022-34717 is a Microsoft Office remote code execution vulnerability with impact on Office products such as 2013/2016 and Office 365 (Click-to-Run). The CVSSv3.1 base vector is NETWORK, with HIGH impact on confidentiality, integrity, and availability; attacker needs user interaction. The root...
CVE-2022-24511
Technical details about CVE-2022-24511 are not publicly provided in the connected documents. Monitor for updates from official advisories.
CVE-2024-21384
CVE-2024-21384 refers to a remote code execution vulnerability in Microsoft Office OneNote. Multiple sources (NVD/CNVD) describe an attacker abusing OneNote to run arbitrary code on a vulnerable system, with the documented impact of full code execution. The CVSS v3.1 vector in the initial documen...
CVE-2022-24461
CVE-2022-24461 affects Microsoft Office Visio, with a boundary/EMF processing flaw in EMR_COMMENT_EMFPLUS records that allows remote code execution. Public metadata reports a high-severity impact (CVSSv3.1: Local, Low/None Privilege, UI Required, with High Confidentiality, Integrity, and Availabi...
CVE-2023-29344
CVE-2023-29344 is Microsoft Office Remote Code Execution vulnerability affecting multiple Office products (e.g., Word, Excel, Office suite components) with CVSS v3.1 base score 7.8 (HIGH). The linked sources indicate a "Remote Code Execution" issue and, in the NCSC advisory, list CVE-2023-29344 u...
CVE-2022-26901
Technical details are not provided in the supplied documents. No affected products, versions, root cause, impact, or fixes are listed here. Monitor official advisories for updates.
CVE-2022-30174
CVE-2022-30174 is a Microsoft Office Remote Code Execution vulnerability. Public records (NVD, MSRC, and related feeds) describe it as affecting Microsoft Office/Office components (e.g., Excel, SharePoint) with a root cause leading to arbitrary code execution. The CVSSv3.1 assessment (vector CVSS...
CVE-2022-33632
CVE-2022-33632 is a Microsoft Office security feature bypass vulnerability affecting Office variants (e.g., 2013/2016 and Click-to-Run Office 365). Root cause: bypass of security features in Office; impact per CVSS indicates high integrity impact but no confidentiality/availability impact, with l...
CVE-2021-40442
CVE-2021-40442 is a Microsoft Excel remote code execution vulnerability. The connected Nessus/NVIDIA sources reiterate that Excel can be exploited to run arbitrary code (RCE) on the target, with exploitation possible via Microsoft Excel/Office components. The vulnerability is addressed by Microso...
CVE-2022-22003
CVE-2022-22003 : Microsoft Office Graphics Remote Code Execution Vulnerability. The connected Nessus/NASL data indicate this vulnerability allows execution of arbitrary code via a crafted Office Graphics file, requiring a local user to open a malicious file. Remediation is documented in Microsoft...
CVE-2023-24953
CVE-2023-24953 corresponds to a Microsoft Excel remote code execution vulnerability. Public documents describe impact as the ability to execute arbitrary code in Excel, enabling local or user-initiated exploitation. The vulnerability is addressed by Microsoft security updates for Excel (e.g., KB5...
CVE-2023-29335
CVE-2023-29335 – Microsoft Word Security Feature Bypass Vulnerability is documented with concrete remediation in Microsoft Word updates. Affected product: Word (Office). The issue is a security feature bypass (not a traditional memory/remote-code-exec hole) and has a CVSSv3.1 base score of 7.5 (N...
CVE-2023-28311
CVE-2023-28311 affects Microsoft Word and enables local remote code execution when a user opens a specially crafted Word file. Exploitation requires user interaction (opening a file) and the attack is carried out locally via social engineering. Publicly available details indicate there are public...
CVE-2022-24509
CVE-2022-24509 affects Microsoft Office Visio and is described as a Remote Code Execution Vulnerability. The NVD entry lists a CVSSv3.1 base score of 7.8 (HIGH) with local attack vector, user interaction required, and high impact on confidentiality, integrity, and availability; CVSSv2 indicates b...
CVE-2023-28285
CVE-2023-28285 is a Microsoft Office remote code execution vulnerability affecting Office products (including Microsoft 365 Apps/Office for enterprise). The issue enables code execution through a specially crafted file that a user must open, aligning with a local attack vector and requiring user ...
CVE-2022-29109
CVE-2022-29109 affects Microsoft Excel and is described as a remote code execution vulnerability in Excel/Office components. The Open-related documents confirm affected products include Excel and Office Web Apps, with remediation via Microsoft security updates (e.g., KB5002205 for the Office Onli...
CVE-2024-49069
CVE-2024-49069 is an Excel remote code execution vulnerability in Microsoft Office. The issue targets Excel components and can let an attacker execute arbitrary code by tricking a user into opening a maliciously crafted file. The entry lists a CVSS v3.1 base score of 7.8 (High) with LOCAL attack ...
CVE-2023-23398
Technical details about CVE-2023-23398 are not provided in the supplied documents. Public information in these sources is limited; monitor for updates from official advisories (MSRC) and vendors.
CVE-2023-36896
CVE-2023-36896 is a Microsoft Excel remote code execution vulnerability affecting the Excel/Office components. The connected documents confirm the issue is a remote code execution flaw in Excel that can be triggered locally and requires user interaction for exploitation, with high impact (C/H/I/H...
CVE-2022-35742
CVE-2022-35742 is a Microsoft Outlook Denial of Service vulnerability. Public sources (CVE entry, MSRC update page, and third‑party summaries) describe it as a DoS that can crash the Outlook client when processing a crafted message. The vulnerability is reported to be exploitable via network‑deli...