Lucene search
K
MicrosoftOffice Online Server

195 matches found

CVE
CVE
added 2019/01/08 9:0 p.m.1184 views

CVE-2019-0585

CVE-2019-0585 is a remote code execution vulnerability in Microsoft Word/Office products caused by improper handling of objects in memory. Exploitation could occur via specially crafted Word files, potentially in contexts like email/preview panes, with the attacker gaining the same user rights as...

9.3CVSS8.3AI score0.21967EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.938 views

CVE-2017-11826

CVE-2017-11826 is a remote code execution flaw in Microsoft Office family (Word, Word Viewer, Office Web Apps Server, SharePoint components, etc.) caused by improper handling of objects in memory. Affected products include Word and related Office/SharePoint servers; exploitation is possible via s...

9.3CVSS7.9AI score0.81454EPSS
In wild
CVE
CVE
added 2023/02/14 7:33 p.m.696 views

CVE-2023-21716

CVE-2023-21716 corresponds to a Microsoft Word/Office remote code execution vulnerability. A heap corruption flaw resides in Word’s wwlib when parsing RTF font tables with an excessive number of fonts in the fonttbl, causing an out-of-bounds write that can lead to arbitrary code execution when a ...

9.8CVSS9.6AI score0.82302EPSS
In wild
CVE
CVE
added 2018/12/12 12:0 a.m.505 views

CVE-2018-8628

CVE-2018-8628 is a remote code execution vulnerability affecting Microsoft PowerPoint and related Office components (Office, SharePoint, PowerPoint Viewer, etc.) caused by improper handling of objects in memory. The Nessus/OpenVAS entries confirm the vulnerability across PowerPoint and Office pro...

9.3CVSS6.1AI score0.162EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.471 views

CVE-2023-36766

CVE-2023-36766 is a Microsoft Excel information-disclosure vulnerability, affecting Excel/Office components. The vulnerability enables information disclosure with a local attack surface and requires user interaction. Public details in connected documents confirm affected products (Microsoft Excel...

7.8CVSS6AI score0.01487EPSS
CVE
CVE
added 2023/06/13 11:25 p.m.316 views

CVE-2023-33137

CVE-2023-33137 is an Excel remote code execution vulnerability affecting Microsoft Excel. Public details in connected sources identify Excel 2016 (32/64‑bit) as impacted and point to a security update KB5002405 that resolves the issue. The CVSS-derived data in the initial record indicates local a...

7.8CVSS7.8AI score0.02748EPSS
In wild
CVE
CVE
added 2017/05/12 2:0 p.m.309 views

CVE-2017-0281

CVE-2017-0281 / CVE-2017-0262 describe a remote code execution flaw in Microsoft Office and related components triggered by memory handling errors while processing specially crafted Office files (EPS in particular). Affected products include Office 2010 SP2, Office 2013 SP1, Office 2016, and broa...

9.3CVSS8.1AI score0.80734EPSS
In wild
CVE
CVE
added 2025/02/11 5:58 p.m.266 views

CVE-2025-21381

CVE-2025-21381 is a Microsoft Excel remote code execution vulnerability affecting Excel 2016 (KB5002687) and related Office Excel components. Public references indicate an RCE path via Excel, with the initial entry listing Excel as the affected product and the security update KB5002687 fixing it....

7.8CVSS7.9AI score0.01113EPSS
CVE
CVE
added 2023/03/14 4:55 p.m.252 views

CVE-2023-23399

The CVE-2023-23399 vulnerability affects Microsoft Excel (Office/Excel) and is described as a remote code execution vulnerability. Exploit-DB reports a case for Microsoft Excel 365 MSO (64-bit) v2302 build 16.0.16130.20186 with RCE via a specially crafted file, illustrating a crafted-file attack ...

7.8CVSS7.8AI score0.02532EPSS
CVE
CVE
added 2021/10/13 12:27 a.m.237 views

CVE-2021-40486

CVE-2021-40486 is a Microsoft Word remote code execution vulnerability. It can be triggered by viewing a specially crafted Word document, with attack vectors potentially including the Preview Pane. Microsoft released a patch (KB5002004) in Oct 2021 addressing Word RCE (Word 2016 context in the KB...

7.8CVSS7.7AI score0.05692EPSS
CVE
CVE
added 2022/04/15 7:5 p.m.222 views

CVE-2022-26901

Technical details are not provided in the supplied documents. No affected products, versions, root cause, impact, or fixes are listed here. Monitor official advisories for updates.

7.8CVSS7.8AI score0.02583EPSS
CVE
CVE
added 2022/06/15 9:52 p.m.222 views

CVE-2022-30172

CVE-2022-30172 is an Microsoft Office information disclosure vulnerability. Connected documents indicate remediation via Microsoft security updates KB5002062/KB5002222/KB5002224/KB5002214 addressing Office/SharePoint components in various Server editions. Exploitation details and affected product...

5.5CVSS6AI score0.02581EPSS
CVE
CVE
added 2021/11/10 12:46 a.m.220 views

CVE-2021-40442

CVE-2021-40442 is a Microsoft Excel remote code execution vulnerability. The connected Nessus/NVIDIA sources reiterate that Excel can be exploited to run arbitrary code (RCE) on the target, with exploitation possible via Microsoft Excel/Office components. The vulnerability is addressed by Microso...

7.8CVSS7.6AI score0.0207EPSS
CVE
CVE
added 2023/05/09 5:3 p.m.219 views

CVE-2023-24953

CVE-2023-24953 corresponds to a Microsoft Excel remote code execution vulnerability. Public documents describe impact as the ability to execute arbitrary code in Excel, enabling local or user-initiated exploitation. The vulnerability is addressed by Microsoft security updates for Excel (e.g., KB5...

7.8CVSS7.8AI score0.00705EPSS
CVE
CVE
added 2018/01/10 1:0 a.m.213 views

CVE-2018-0797

CVE-2018-0797 affects Microsoft Word components in Office 2010/2013/2016 where remote code execution can occur through specially crafted RTF content due to memory handling. Public details show Word memory corruption vulnerability enabling code execution when opening malicious files. Microsoft rel...

9.3CVSS8.2AI score0.24764EPSS
In wild
CVE
CVE
added 2021/07/14 5:54 p.m.207 views

CVE-2021-34501

CVE-2021-34501 is described as a Microsoft Excel remote code execution vulnerability. Connected materials identify affected products as Excel in multiple Office suites (including 2013/2016 and Office Online Server variants) and indicate that exploitation could allow remote code execution. Public ...

8.8CVSS7.8AI score0.53178EPSS
CVE
CVE
added 2019/08/14 8:55 p.m.205 views

CVE-2019-1201

CVE-2019-1201 affects Microsoft Word; it is a remote code execution in Word’s memory handling when processing crafted files. Exploitation requires a user to open a specially crafted Word document, with attack vectors including email attachments (or previews in Outlook) and web-hosted files. The v...

9.3CVSS8AI score0.0486EPSS
CVE
CVE
added 2020/07/14 10:54 p.m.201 views

CVE-2020-1446

The CVE-2020-1446 entry describes a remote code execution vulnerability in Microsoft Word arising from improper handling of memory objects. The vulnerability affects Microsoft Word and allows an attacker to craft a file that, when opened by a user, could execute actions in the security context of...

8.8CVSS8.8AI score0.11278EPSS
CVE
CVE
added 2022/05/10 8:34 p.m.200 views

CVE-2022-29109

CVE-2022-29109 affects Microsoft Excel and is described as a remote code execution vulnerability in Excel/Office components. The Open-related documents confirm affected products include Excel and Office Web Apps, with remediation via Microsoft security updates (e.g., KB5002205 for the Office Onli...

7.8CVSS7.9AI score0.02562EPSS
CVE
CVE
added 2020/10/16 10:17 p.m.198 views

CVE-2020-16929

CVE-2020-16929 (Microsoft Excel RCE) is a remote code execution vulnerability caused by improper handling of in-memory objects. Successful exploitation requires a user to open a specially crafted Excel file, via email or web-hosted lure. If the user runs with administrative rights, an attacker co...

7.8CVSS8.4AI score0.03697EPSS
CVE
CVE
added 2023/08/08 5:8 p.m.194 views

CVE-2023-36896

CVE-2023-36896 is a Microsoft Excel remote code execution vulnerability affecting the Excel/Office components. The connected documents confirm the issue is a remote code execution flaw in Excel that can be triggered locally and requires user interaction for exploitation, with high impact (C/H/I/H...

7.8CVSS7.8AI score0.01084EPSS
CVE
CVE
added 2022/01/11 8:22 p.m.190 views

CVE-2022-21840

CVE-2022-21840 is a Microsoft Office remote code execution vulnerability. Public documentation notes an Office RCE that can be exploited via social engineering (e.g., opening a malicious attachment or visiting a malicious site) and may require user interaction. The CVSS details indicate high impa...

8.8CVSS8.8AI score0.03115EPSS
CVE
CVE
added 2020/12/09 11:36 p.m.187 views

CVE-2020-17123

CVE-2020-17123 is a Microsoft Excel Remote Code Execution vulnerability. Public documents confirm an RCE exists in Excel when processing specially crafted Office files, with the underlying issue tied to Excel components/file handling (the CVE is listed among Excel-related updates for December 202...

9.3CVSS7.8AI score0.03568EPSS
CVE
CVE
added 2020/12/09 11:36 p.m.186 views

CVE-2020-17128

CVE-2020-17128 is a Microsoft Excel remote code execution vulnerability that is cited across multiple Nessus plugins as part of the December 2020 Office security updates. Technical details in the connected documents show Excel-related RCE vulnerabilities addressed together with other CVEs (e.g., ...

9.3CVSS7.8AI score0.02618EPSS
CVE
CVE
added 2021/09/15 11:24 a.m.184 views

CVE-2021-38655

CVE-2021-38655 is a Microsoft Excel remote code execution vulnerability referenced across multiple catalogs. The CVE entry, tied to Excel/Office components, is confirmed in the NVD entry and is cited by various advisories and Nessus plugins as affecting Excel remote code execution, with related C...

7.8CVSS7.5AI score0.04896EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.179 views

CVE-2021-31179

Technical details about CVE-2021-31179 are not provided in the supplied documents. Monitor for updates from Microsoft and vulnerability databases for affected products, root cause, and remediation.

7.8CVSS7.8AI score0.13494EPSS
CVE
CVE
added 2021/04/13 7:33 p.m.175 views

CVE-2021-28453

CVE-2021-28453 is a Microsoft Word remote code execution vulnerability. The primary sources (NVD entry for CVE-2021-28453) and connected Nessus plugins reference Word/Office products being affected by a remote code execution vulnerability tied to this CVE. Some Nessus entries list Word/Office as ...

7.8CVSS7.8AI score0.04068EPSS
CVE
CVE
added 2016/06/16 1:0 a.m.174 views

CVE-2016-0025

CVE-2016-0025 is a memory corruption vulnerability in Microsoft Office products that allows remote code execution via a crafted Office document. Affected software includes Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Wo...

9.3CVSS7.2AI score0.15435EPSS
CVE
CVE
added 2023/06/13 11:25 p.m.174 views

CVE-2023-32029

CVE-2023-32029 is a Microsoft Excel/Office remote code execution vulnerability. The CVSSv3.1 metrics indicate a HIGH impact (C/H, I/H, A/H) with a LOCAL attack vector, LOW attack complexity, no privileges required, but USER INTERACTION is required. Several connected scanner entries (Nessus/OpenVA...

7.8CVSS7.8AI score0.53513EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.172 views

CVE-2021-31177

CVE-2021-31177 is a Microsoft Office/Excel remote code execution vulnerability. Connected sources confirm affected products include Microsoft Office and Excel (C2R and MSI variants) with the issue originating from Office/Excel handling crafted content. Patches released May 11, 2021 (KB5001918 for...

7.8CVSS7.8AI score0.03073EPSS
CVE
CVE
added 2021/01/12 7:42 p.m.166 views

CVE-2021-1714

CVE-2021-1714 is an Excel remote code execution vulnerability affecting Microsoft Excel (Office). The connected sources indicate a vulnerability in Excel with a CVSS v3.1 base score of 7.8 (HIGH) and an attack vector LOCAL requiring user interaction, with confidentiality, integrity, and availabil...

7.8CVSS7.8AI score0.03101EPSS
CVE
CVE
added 2022/08/09 7:50 p.m.165 views

CVE-2022-33648

Microsoft Excel is affected by a remote code execution vulnerability tracked as CVE-2022-33648. The issue is described in multiple sources as an Excel vulnerability that can allow arbitrary code execution, with exploitation tied to a user action and local attack vector per CVSS details (AV:L, AC:...

7.8CVSS7.9AI score0.00774EPSS
CVE
CVE
added 2020/10/16 10:17 p.m.164 views

CVE-2020-16931

CVE-2020-16931 affects Microsoft Excel. A remote code execution flaw arises from improper handling of in-memory objects, allowing arbitrary code execution in the attacker’s context if a user opens a specially crafted Excel file. Exploitation scenarios include email attachments or hosting a crafte...

7.8CVSS8.4AI score0.04824EPSS
CVE
CVE
added 2020/10/16 10:17 p.m.164 views

CVE-2020-16932

CVE-2020-16932 is a Microsoft Excel remote code execution vulnerability. The issue stems from how Excel handles objects in memory, allowing an attacker to run arbitrary code in the context of the current user when a specially crafted Excel file is opened. Exploitation can occur via email (malicio...

7.8CVSS8.4AI score0.04824EPSS
CVE
CVE
added 2021/10/13 12:27 a.m.164 views

CVE-2021-40474

CVE-2021-40474 : Microsoft Excel remote code execution vulnerability. According to the sources, it affects Office/Excel components and has a CVSSv3.1 base score of 7.8 (vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The issue is described as a local vulnerability that requires user intera...

7.8CVSS7.5AI score0.02194EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.163 views

CVE-2021-31176

CVE-2021-31176 is a Microsoft Office remote code execution vulnerability affecting Office 2013/2016. Public documentation in the provided connected sources confirms a remote code execution class issue, with Microsoft reference pages and Nessus/OpenVAS entries listing CVE-2021-31176 among Office u...

7.8CVSS7.8AI score0.03047EPSS
CVE
CVE
added 2023/03/14 4:55 p.m.161 views

CVE-2023-23396

CVE-2023-23396 affects Microsoft Excel (and related Office components) with a Denial-of-Service condition. The vulnerability is described in Microsoft advisories as Excel DoS, affecting multiple Excel/Office versions (as listed in KBs like KB5002362/KB5002356). The underlying cause is not detaile...

6.5CVSS6.5AI score0.03829EPSS
CVE
CVE
added 2021/06/08 10:46 p.m.160 views

CVE-2021-31939

CVE-2021-31939 is a Microsoft Excel remote code execution vulnerability reported in the office/Excel component. According to the connected sources, the issue can allow an attacker to execute arbitrary code on a vulnerable system when a user opens or processes specially crafted content, with the C...

7.8CVSS7.7AI score0.13337EPSS
CVE
CVE
added 2021/10/13 12:27 a.m.160 views

CVE-2021-40485

CVE-2021-40485 is described as a Microsoft Excel Remote Code Execution vulnerability. The provided data cites a CVSSv3.1 base score of 7.8 (HIGH), with LOCAL attack vector, LOW attack complexity, NONE privileges required, and user interaction required; impact is HIGH for confidentiality, integrit...

7.8CVSS7.7AI score0.02545EPSS
CVE
CVE
added 2023/06/13 11:26 p.m.160 views

CVE-2023-33133

CVE-2023-33133 is an Excel remote code execution vulnerability affecting Microsoft Office Excel/Office Web Apps assets. The CVSS v3.1 base score is 7.8 (HIGH) withLOCAL attack vector, LOW complexity, and user interaction required; impact is high on confidentiality, integrity, and availability. Co...

7.8CVSS7.8AI score0.44048EPSS
CVE
CVE
added 2023/08/08 5:8 p.m.160 views

CVE-2023-35371

CVE-2023-35371 is described in the initial record as a Microsoft Office remote code execution vulnerability (Office Remote Code Execution Vulnerability). The connected sources corroborate that it affects Microsoft Office components, including Excel, and list CVE-2023-35371 alongside CVE-2023-3689...

7.8CVSS7.8AI score0.01084EPSS
CVE
CVE
added 2024/11/12 5:54 p.m.160 views

CVE-2024-49026

CVE-2024-49026 is a Microsoft Excel remote code execution vulnerability disclosed for Excel in the Office suite. The initial description and connected documents confirm it affects Excel and was addressed by November 2024 security updates (e.g., KB5002648 for Office Online Server/Month 11 2024 and...

7.8CVSS7.9AI score0.00921EPSS
CVE
CVE
added 2021/01/12 7:42 p.m.158 views

CVE-2021-1715

CVE-2021-1715 is a Microsoft Word Remote Code Execution vulnerability. The CVE is referenced in several January 2021 security-update advisories (Word/Office products) and appears in Nessus plugins cataloging Word and Office patches alongside related CVEs (e.g., CVE-2021-1716). The connected docum...

9.3CVSS7.8AI score0.03614EPSS
CVE
CVE
added 2020/01/14 11:11 p.m.156 views

CVE-2020-0647

Summary (CVE-2020-0647) A spoofing vulnerability affects Microsoft Office Online/Office Online Server where origin validation in cross-origin communications can fail. Official sources (Microsoft MSRC and CNVD/NVD) describe that an attacker could exploit by sending a specially crafted request to a...

5.8CVSS6AI score0.00917EPSS
CVE
CVE
added 2020/03/12 3:48 p.m.156 views

CVE-2020-0850

CVE-2020-0850 is a Microsoft Word remote code execution vulnerability. The issue arises when Word fails to correctly handle objects in memory, enabling an attacker to craft a file that, when opened by a user, could execute code in the current user’s security context. Exploitation would require th...

8.8CVSS7.9AI score0.0861EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.156 views

CVE-2021-31175

CVE-2021-31175 is a Microsoft Office/Excel remote code execution vulnerability described as a Microsoft Office Remote Code Execution Vulnerability. Connection documents confirm it is part of a set of Office/Excel remote code execution vulnerabilities addressed by May 2021 security updates (e.g., ...

7.8CVSS7.8AI score0.03156EPSS
CVE
CVE
added 2021/07/16 8:19 p.m.152 views

CVE-2021-34451

CVE-2021-34451 is a spoofing vulnerability affecting Microsoft Office Online Server. Affected product set includes Office Online Server and related Office components; exploitability is network-based with low complexity and no user interaction required per CVSS metrics (CVSS v3.1: 5.3). Microsoft ...

5.3CVSS5.5AI score0.01664EPSS
CVE
CVE
added 2020/12/09 11:36 p.m.151 views

CVE-2020-17125

CVE-2020-17125 is a Microsoft Excel Remote Code Execution vulnerability. The connected Nessus/Excel update references confirm: exploit requires a user, local access, and a specially crafted Excel file can trigger arbitrary code execution on affected Office/Excel builds. Remediation is available v...

9.3CVSS7.8AI score0.03308EPSS
CVE
CVE
added 2020/08/17 7:13 p.m.150 views

CVE-2020-1583

CVE-2020-1583 is a Microsoft Word information-disclosure vulnerability. An attacker could craft a document to cause Word to inappropriately disclose memory contents, enabling data compromise if the memory location of created objects is known. The vulnerability is triggered by memory handling of W...

8.8CVSS7.9AI score0.04906EPSS
CVE
CVE
added 2020/12/09 11:36 p.m.150 views

CVE-2020-17129

CVE-2020-17129 is a Microsoft Excel remote code execution vulnerability documented in multiple sources linked to the December 2020 Excel security updates. The Nessus plugin groups this CVE with other Excel RCE flaws and notes that affected Office/Excel products were missing security updates, impl...

9.3CVSS7.8AI score0.03308EPSS
Total number of security vulnerabilities195