Lucene search
K
MicrosoftOffice Web Apps

106 matches found

CVE
CVE
added 2015/04/14 8:0 p.m.1220 views

CVE-2015-1641

CVE-2015-1641 is a Microsoft Office memory-corruption vulnerability triggered by crafted RTF documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoin...

9.3CVSS9.4AI score0.97327EPSS
In wild
CVE
CVE
added 2014/03/24 7:0 p.m.1062 views

CVE-2014-1761

CVE-2014-1761 is a memory-corruption vulnerability in Microsoft Word triggered by crafted RTF data, allowing remote code execution or memory-corruption denial of service. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, 2013 and 2013 RT, Word Viewer, Office Compatibility Pack SP3,...

9.3CVSS9.3AI score0.77734EPSS
In wild
CVE
CVE
added 2012/12/12 12:0 a.m.997 views

CVE-2012-2539

CVE-2012-2539 is Microsoft Word remote code execution vulnerability caused by parsing crafted RTF data (Word RTF 'listoverridecount'). It affects Word 2003 SP3, 2007 SP2/SP3, 2010 SP1; Word Viewer; Office Compatibility Pack SP2/SP3; and Office Web Apps 2010 SP1. The underlying issue is memory cor...

9.3CVSS8.2AI score0.53159EPSS
In wild
CVE
CVE
added 2023/02/14 7:33 p.m.690 views

CVE-2023-21716

CVE-2023-21716 corresponds to a Microsoft Word/Office remote code execution vulnerability. A heap corruption flaw resides in Word’s wwlib when parsing RTF font tables with an excessive number of fonts in the fonttbl, causing an out-of-bounds write that can lead to arbitrary code execution when a ...

9.8CVSS9.6AI score0.82302EPSS
In wild
CVE
CVE
added 2018/12/12 12:0 a.m.504 views

CVE-2018-8628

CVE-2018-8628 is a remote code execution vulnerability affecting Microsoft PowerPoint and related Office components (Office, SharePoint, PowerPoint Viewer, etc.) caused by improper handling of objects in memory. The Nessus/OpenVAS entries confirm the vulnerability across PowerPoint and Office pro...

9.3CVSS6.1AI score0.162EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.394 views

CVE-2018-1028

CVE-2018-1028 is a remote code execution vulnerability in the Office graphics component that occurs when handling specially crafted embedded fonts. It affects Word, Microsoft Office, SharePoint, Excel, and SharePoint Server. Successful exploitation could allow an attacker to take control of the a...

9.3CVSS8.3AI score0.19113EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.307 views

CVE-2017-0281

CVE-2017-0281 / CVE-2017-0262 describe a remote code execution flaw in Microsoft Office and related components triggered by memory handling errors while processing specially crafted Office files (EPS in particular). Affected products include Office 2010 SP2, Office 2013 SP1, Office 2016, and broa...

9.3CVSS8.1AI score0.80734EPSS
In wild
CVE
CVE
added 2018/01/10 1:0 a.m.213 views

CVE-2018-0797

CVE-2018-0797 affects Microsoft Word components in Office 2010/2013/2016 where remote code execution can occur through specially crafted RTF content due to memory handling. Public details show Word memory corruption vulnerability enabling code execution when opening malicious files. Microsoft rel...

9.3CVSS8.2AI score0.24764EPSS
In wild
CVE
CVE
added 2019/08/14 8:55 p.m.205 views

CVE-2019-1201

CVE-2019-1201 affects Microsoft Word; it is a remote code execution in Word’s memory handling when processing crafted files. Exploitation requires a user to open a specially crafted Word document, with attack vectors including email attachments (or previews in Outlook) and web-hosted files. The v...

9.3CVSS8AI score0.0486EPSS
CVE
CVE
added 2020/07/14 10:54 p.m.201 views

CVE-2020-1446

The CVE-2020-1446 entry describes a remote code execution vulnerability in Microsoft Word arising from improper handling of memory objects. The vulnerability affects Microsoft Word and allows an attacker to craft a file that, when opened by a user, could execute actions in the security context of...

8.8CVSS8.8AI score0.11278EPSS
CVE
CVE
added 2020/10/16 10:17 p.m.198 views

CVE-2020-16929

CVE-2020-16929 (Microsoft Excel RCE) is a remote code execution vulnerability caused by improper handling of in-memory objects. Successful exploitation requires a user to open a specially crafted Excel file, via email or web-hosted lure. If the user runs with administrative rights, an attacker co...

7.8CVSS8.4AI score0.03424EPSS
CVE
CVE
added 2018/08/15 5:0 p.m.197 views

CVE-2018-8378

CVE-2018-8378 describes an information disclosure in Microsoft Office when Office reads out-of-bounds memory due to an uninitialized variable, potentially exposing memory contents. Affected components include Word, SharePoint Server, Word/Excel Viewers, and related Office products. Connected Open...

5.5CVSS4.9AI score0.06849EPSS
CVE
CVE
added 2022/01/11 8:22 p.m.187 views

CVE-2022-21840

CVE-2022-21840 is a Microsoft Office remote code execution vulnerability. Public documentation notes an Office RCE that can be exploited via social engineering (e.g., opening a malicious attachment or visiting a malicious site) and may require user interaction. The CVSS details indicate high impa...

8.8CVSS8.8AI score0.03115EPSS
CVE
CVE
added 2020/12/09 11:36 p.m.186 views

CVE-2020-17128

CVE-2020-17128 is a Microsoft Excel remote code execution vulnerability that is cited across multiple Nessus plugins as part of the December 2020 Office security updates. Technical details in the connected documents show Excel-related RCE vulnerabilities addressed together with other CVEs (e.g., ...

9.3CVSS7.8AI score0.02618EPSS
CVE
CVE
added 2020/12/09 11:36 p.m.185 views

CVE-2020-17123

CVE-2020-17123 is a Microsoft Excel Remote Code Execution vulnerability. Public documents confirm an RCE exists in Excel when processing specially crafted Office files, with the underlying issue tied to Excel components/file handling (the CVE is listed among Excel-related updates for December 202...

9.3CVSS7.8AI score0.03568EPSS
CVE
CVE
added 2021/09/15 11:24 a.m.183 views

CVE-2021-38655

CVE-2021-38655 is a Microsoft Excel remote code execution vulnerability referenced across multiple catalogs. The CVE entry, tied to Excel/Office components, is confirmed in the NVD entry and is cited by various advisories and Nessus plugins as affecting Excel remote code execution, with related C...

7.8CVSS7.5AI score0.04634EPSS
CVE
CVE
added 2021/04/13 7:33 p.m.174 views

CVE-2021-28453

CVE-2021-28453 is a Microsoft Word remote code execution vulnerability. The primary sources (NVD entry for CVE-2021-28453) and connected Nessus plugins reference Word/Office products being affected by a remote code execution vulnerability tied to this CVE. Some Nessus entries list Word/Office as ...

7.8CVSS7.8AI score0.04068EPSS
CVE
CVE
added 2016/06/16 1:0 a.m.173 views

CVE-2016-0025

CVE-2016-0025 is a memory corruption vulnerability in Microsoft Office products that allows remote code execution via a crafted Office document. Affected software includes Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Wo...

9.3CVSS7.2AI score0.16722EPSS
CVE
CVE
added 2012/07/10 9:0 p.m.167 views

CVE-2012-1859

CVE-2012-1859 is a cross-site scripting (XSS) vulnerability in SharePoint components: scriptresx.ashx affects SharePoint Server 2010 (Gold/SP1) and Foundation 2010 (Gold/SP1), as well as Office Web Apps 2010. The issue allows remote attackers to inject arbitrary JavaScript/HTML by crafting elemen...

4.3CVSS5.6AI score0.2308EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.166 views

CVE-2013-1330

CVE-2013-1330 is described as a vulnerability in Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3, SharePoint Server 2010 SP1/SP2, and Office Web Apps 2010 where the EnableViewStateMac attribute is not enabled by default. This permits remote code execution via an unassigned...

10CVSS7.4AI score0.27411EPSS
CVE
CVE
added 2020/10/16 10:17 p.m.164 views

CVE-2020-16931

CVE-2020-16931 affects Microsoft Excel. A remote code execution flaw arises from improper handling of in-memory objects, allowing arbitrary code execution in the attacker’s context if a user opens a specially crafted Excel file. Exploitation scenarios include email attachments or hosting a crafte...

7.8CVSS8.4AI score0.04469EPSS
CVE
CVE
added 2020/10/16 10:17 p.m.164 views

CVE-2020-16932

CVE-2020-16932 is a Microsoft Excel remote code execution vulnerability. The issue stems from how Excel handles objects in memory, allowing an attacker to run arbitrary code in the context of the current user when a specially crafted Excel file is opened. Exploitation can occur via email (malicio...

7.8CVSS8.4AI score0.04469EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.163 views

CVE-2013-3848

CVE-2013-3848 affects Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer, allowing remote code execution or memory corruption via a crafted Off...

9.3CVSS7.5AI score0.21139EPSS
CVE
CVE
added 2020/12/09 11:36 p.m.159 views

CVE-2020-17122

CVE-2020-17122 is a Microsoft Excel remote code execution vulnerability. The public details in the supplied documents identify Excel (Office component) as affected, with the vulnerability categorized as a remote code execution issue in multiple Office deployments. The NVD entry notes a CVSSv3.1 b...

9.3CVSS7.8AI score0.03348EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.158 views

CVE-2013-1315

CVE-2013-1315 is a remote code execution/memory corruption vulnerability affecting Microsoft Office components. The public records identify affected products as Microsoft SharePoint Server 2007 SP3, 2010 SP1/SP2, 2013; Office Web Apps 2010; Excel 2003 SP3/2007 SP3/2010 SP1/SP2/2013/2013 RT; Offic...

9.3CVSS7.6AI score0.28702EPSS
CVE
CVE
added 2021/01/12 7:42 p.m.158 views

CVE-2021-1715

CVE-2021-1715 is a Microsoft Word Remote Code Execution vulnerability. The CVE is referenced in several January 2021 security-update advisories (Word/Office products) and appears in Nessus plugins cataloging Word and Office patches alongside related CVEs (e.g., CVE-2021-1716). The connected docum...

9.3CVSS7.8AI score0.03614EPSS
CVE
CVE
added 2012/10/09 9:0 p.m.157 views

CVE-2012-2528

CVE-2012-2528 is a use-after-free remote code execution vulnerability in Microsoft Word and related components triggered by specially crafted RTF documents. Affected products include Word 2003 SP3, Word 2007 SP2/SP3, Word 2010 SP1, Word Viewer, Office Compatibility Pack SP2/SP3, Word Automation S...

9.3CVSS7.5AI score0.22117EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.155 views

CVE-2017-8509

CVE-2017-8509 is an Office remote code execution vulnerability that arises when Office components mishandle objects in memory, allowing an attacker to take control of an affected system if a user opens a crafted Office file. Public details in connected documents indicate the vulnerability affects...

9.3CVSS7.2AI score0.18238EPSS
CVE
CVE
added 2013/10/09 2:44 p.m.150 views

CVE-2013-3895

CVE-2013-3895 affects Microsoft SharePoint Server 2007 SP3 and SharePoint 2010 SP1/SP2. Described as a parameter-injection vulnerability that enables remote attackers to perform clickjacking via a crafted web page. Connected sources reference MS13-084 as the security update addressing these issue...

6.8CVSS6.7AI score0.2964EPSS
CVE
CVE
added 2020/12/09 11:36 p.m.150 views

CVE-2020-17125

CVE-2020-17125 is a Microsoft Excel Remote Code Execution vulnerability. The connected Nessus/Excel update references confirm: exploit requires a user, local access, and a specially crafted Excel file can trigger arbitrary code execution on affected Office/Excel builds. Remediation is available v...

9.3CVSS7.8AI score0.03308EPSS
CVE
CVE
added 2022/02/09 4:37 p.m.150 views

CVE-2022-22716

CVE-2022-22716 affects Microsoft Excel (part of Office) with an information-disclosure vulnerability. Publicly documented impact is disclosure of potentially sensitive information. Microsoft and third-party advisories reference Excel-specific fixes in February 2022 security updates (e.g., KB50021...

5.5CVSS5.4AI score0.04642EPSS
CVE
CVE
added 2020/08/17 7:13 p.m.149 views

CVE-2020-1583

CVE-2020-1583 is a Microsoft Word information-disclosure vulnerability. An attacker could craft a document to cause Word to inappropriately disclose memory contents, enabling data compromise if the memory location of created objects is known. The vulnerability is triggered by memory handling of W...

8.8CVSS7.9AI score0.04906EPSS
CVE
CVE
added 2020/12/09 11:36 p.m.149 views

CVE-2020-17129

CVE-2020-17129 is a Microsoft Excel remote code execution vulnerability documented in multiple sources linked to the December 2020 Excel security updates. The Nessus plugin groups this CVE with other Excel RCE flaws and notes that affected Office/Excel products were missing security updates, impl...

9.3CVSS7.8AI score0.03308EPSS
CVE
CVE
added 2012/07/10 9:0 p.m.146 views

CVE-2012-1861

CVE-2012-1861 is an XSS vulnerability in Microsoft SharePoint 2010 (Gold/SP1), SharePoint Foundation 2010 (Gold/SP1), and Office Web Apps 2010 (Gold/SP1) where attacker-controlled JavaScript in a URL can execute in the user’s browser. Public sources (OpenVAS/Nessus/Tenable entry MS12-050) referen...

4.3CVSS5.6AI score0.15406EPSS
CVE
CVE
added 2020/04/15 3:13 p.m.141 views

CVE-2020-0980

CVE-2020-0980 is a Microsoft Word remote code execution vulnerability caused by improper handling of in-memory objects. It affects Word/Office when parsing crafted files; the impact is potential code execution in the current user context. In public docs, the vulnerability is addressed by the Offi...

9.3CVSS8.3AI score0.11548EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.139 views

CVE-2017-0254

CVE-2017-0254 concerns a remote code execution in Microsoft Office applications (Word, PowerPoint, etc.) and related components when the software fails to properly handle objects in memory. The vulnerability affects multiple Office products across Windows and macOS (e.g., Word 2007, Office 2010 S...

9.3CVSS7.6AI score0.19817EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.136 views

CVE-2017-8631

CVE-2017-8744 is a remote code execution in Microsoft Office components caused by improper handling of in-memory objects, leading to memory corruption. Documented affected software includes Excel Services and Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, as well as related Office Web...

9.3CVSS7.6AI score0.16358EPSS
CVE
CVE
added 2020/07/14 10:54 p.m.136 views

CVE-2020-1342

CVE-2020-1342 is an information-disclosure vulnerability in Microsoft Office (notably Word/Office components) caused by reading out of bound memory due to an uninitialized variable. The detail explicitly states memory contents could be disclosed when a vulnerable file is opened in affected Office...

5.5CVSS6AI score0.06411EPSS
CVE
CVE
added 2020/03/12 3:48 p.m.130 views

CVE-2020-0892

CVE-2020-0892 is a Microsoft Word remote code execution vulnerability. The linked documents confirm Word is vulnerable when it fails to properly handle objects in memory, allowing a crafted file to run code in the current user’s context. The issue is tied to multiple Word-related CVEs and is disc...

9.3CVSS8AI score0.11548EPSS
CVE
CVE
added 2020/09/11 5:9 p.m.130 views

CVE-2020-1224

CVE-2020-1224 describes an information-disclosure vulnerability in Microsoft Excel where memory contents could be improperly disclosed. The issue arises when Excel handles objects in memory, allowing an attacker to craft a document that, if opened by a user, could reveal memory contents and poten...

5.5CVSS6.4AI score0.04352EPSS
CVE
CVE
added 2021/01/12 7:42 p.m.129 views

CVE-2021-1716

CVE-2021-1716 is a Microsoft Word Remote Code Execution vulnerability. The initial entry confirms a Word-related RCE with CVSS v3.1 base score 7.8 (HIGH) and local attack vector, with user interaction required. Connected sources (Nessus/Office/SharePoint plugin data) reference CVE-2021-1716 as pa...

9.3CVSS7.8AI score0.03614EPSS
CVE
CVE
added 2020/09/11 5:9 p.m.128 views

CVE-2020-1218

CVE-2020-1218 – Microsoft Word Remote Code Execution : A vulnerability in Word where memory handling of in-file objects can be corrupted by a specially crafted file. An attacker could exploit this via email or a compromised website by convincing a user to open the crafted Word document, executing...

8.8CVSS8.3AI score0.03635EPSS
CVE
CVE
added 2020/08/17 7:13 p.m.127 views

CVE-2020-1503

CVE-2020-1503 is an information-disclosure vulnerability in Microsoft Word where memory contents can be disclosed through a crafted Word document. The root cause is improper handling of in‑memory objects, enabling disclosure of memory contents when a user opens a malicious document. Exploitation ...

5.5CVSS6.4AI score0.04553EPSS
CVE
CVE
added 2020/12/09 11:36 p.m.127 views

CVE-2020-17126

CVE-2020-17126 is identified as a Microsoft Excel Information Disclosure Vulnerability. The primary entry (NVD/NIST) classifies it under an information disclosure issue with a CVSS v3.1 base score of 5.5 (local access, low privileges, high confidentiality impact; no integrity/availability impact ...

5.5CVSS5.6AI score0.01074EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.121 views

CVE-2017-8511

Technical details for CVE-2017-8511 (affected Office component, root cause, impact, fix) are not provided in the Connected documents. Monitor for updates; no public technical details available in the supplied sources.

9.3CVSS7.2AI score0.20612EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.120 views

CVE-2017-8696

CVE-2017-8696 targets Microsoft Windows components (Windows Uniscribe/Graphics Component) across Windows Server 2008 SP2, R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Office for Mac 2011/2016, Skype for Business, Lync, Live Meeting 2007 Add-in/Console. The vulnerability enables r...

7.6CVSS7AI score0.14264EPSS
CVE
CVE
added 2020/09/11 5:9 p.m.120 views

CVE-2020-1335

CVE-2020-1335 is a Microsoft Excel remote code execution vulnerability caused by improper handling of memory objects. An attacker could run arbitrary code in the user’s context, potentially taking full control if the user has admin rights. Exploitation requires the user to open a specially crafte...

8.8CVSS8.6AI score0.03665EPSS
CVE
CVE
added 2020/07/14 10:54 p.m.120 views

CVE-2020-1447

CVE-2020-1447 is a Microsoft Word remote code execution vulnerability tied to how Word handles objects in memory. Connected sources corroborate that it affects Word and can allow an attacker to run code in the context of the current user when a specially crafted file is opened or processed. The N...

8.8CVSS8.8AI score0.10677EPSS
CVE
CVE
added 2011/09/15 10:0 a.m.119 views

CVE-2011-1892

CVE-2011-1892 targets SharePoint-related products (SharePoint Server/Workspace/ Groove components, Office Web Apps, Windows SharePoint Services, etc.). The flaw is an XXE-style vulnerability where Web Parts containing XML classes referencing external entities allow remote authenticated users to r...

4CVSS6.1AI score0.38332EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.119 views

CVE-2017-8742

Two CVEs (CVE-2017-8742 and CVE-2017-8743) describe remote code execution in Microsoft PowerPoint family and associated server/web apps due to improper handling of objects in memory. CVE-2017-8742 affects PowerPoint up to 2016, PowerPoint Viewer 2007, SharePoint Server 2013 SP1, SharePoint Enterp...

9.3CVSS8AI score0.21319EPSS
Total number of security vulnerabilities106