Lucene search
K
MicrosoftOffice Web Apps Server

62 matches found

CVE
CVE
added 2019/01/08 9:0 p.m.1184 views

CVE-2019-0585

CVE-2019-0585 is a remote code execution vulnerability in Microsoft Word/Office products caused by improper handling of objects in memory. Exploitation could occur via specially crafted Word files, potentially in contexts like email/preview panes, with the attacker gaining the same user rights as...

9.3CVSS8.3AI score0.21967EPSS
CVE
CVE
added 2014/03/24 7:0 p.m.1063 views

CVE-2014-1761

CVE-2014-1761 is a memory-corruption vulnerability in Microsoft Word triggered by crafted RTF data, allowing remote code execution or memory-corruption denial of service. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, 2013 and 2013 RT, Word Viewer, Office Compatibility Pack SP3,...

9.3CVSS9.3AI score0.7746EPSS
In wild
CVE
CVE
added 2017/10/13 1:0 p.m.938 views

CVE-2017-11826

CVE-2017-11826 is a remote code execution flaw in Microsoft Office family (Word, Word Viewer, Office Web Apps Server, SharePoint components, etc.) caused by improper handling of objects in memory. Affected products include Word and related Office/SharePoint servers; exploitation is possible via s...

9.3CVSS7.9AI score0.81454EPSS
In wild
CVE
CVE
added 2022/05/10 8:34 p.m.273 views

CVE-2022-29110

CVE-2022-29110 refers to a Microsoft Excel remote code execution vulnerability documented in the NVD entry. Available connected documents provide concrete remediation: for Excel 2016, the May 10, 2022 security update KB5002196 addresses this issue (and KB5002196 notes Excel 2016 install requireme...

9.3CVSS7.8AI score0.03602EPSS
CVE
CVE
added 2023/03/14 4:55 p.m.252 views

CVE-2023-23399

The CVE-2023-23399 vulnerability affects Microsoft Excel (Office/Excel) and is described as a remote code execution vulnerability. Exploit-DB reports a case for Microsoft Excel 365 MSO (64-bit) v2302 build 16.0.16130.20186 with RCE via a specially crafted file, illustrating a crafted-file attack ...

7.8CVSS7.8AI score0.02532EPSS
CVE
CVE
added 2021/10/13 12:27 a.m.237 views

CVE-2021-40486

CVE-2021-40486 is a Microsoft Word remote code execution vulnerability. It can be triggered by viewing a specially crafted Word document, with attack vectors potentially including the Preview Pane. Microsoft released a patch (KB5002004) in Oct 2021 addressing Word RCE (Word 2016 context in the KB...

7.8CVSS7.7AI score0.05692EPSS
CVE
CVE
added 2022/04/15 7:5 p.m.222 views

CVE-2022-26901

Technical details are not provided in the supplied documents. No affected products, versions, root cause, impact, or fixes are listed here. Monitor official advisories for updates.

7.8CVSS7.8AI score0.02583EPSS
CVE
CVE
added 2022/06/15 9:52 p.m.222 views

CVE-2022-30172

CVE-2022-30172 is an Microsoft Office information disclosure vulnerability. Connected documents indicate remediation via Microsoft security updates KB5002062/KB5002222/KB5002224/KB5002214 addressing Office/SharePoint components in various Server editions. Exploitation details and affected product...

5.5CVSS6AI score0.02581EPSS
CVE
CVE
added 2021/11/10 12:46 a.m.220 views

CVE-2021-40442

CVE-2021-40442 is a Microsoft Excel remote code execution vulnerability. The connected Nessus/NVIDIA sources reiterate that Excel can be exploited to run arbitrary code (RCE) on the target, with exploitation possible via Microsoft Excel/Office components. The vulnerability is addressed by Microso...

7.8CVSS7.6AI score0.0207EPSS
CVE
CVE
added 2018/01/10 1:0 a.m.213 views

CVE-2018-0797

CVE-2018-0797 affects Microsoft Word components in Office 2010/2013/2016 where remote code execution can occur through specially crafted RTF content due to memory handling. Public details show Word memory corruption vulnerability enabling code execution when opening malicious files. Microsoft rel...

9.3CVSS8.2AI score0.24764EPSS
In wild
CVE
CVE
added 2019/08/14 8:55 p.m.205 views

CVE-2019-1201

CVE-2019-1201 affects Microsoft Word; it is a remote code execution in Word’s memory handling when processing crafted files. Exploitation requires a user to open a specially crafted Word document, with attack vectors including email attachments (or previews in Outlook) and web-hosted files. The v...

9.3CVSS8AI score0.0486EPSS
CVE
CVE
added 2022/06/15 9:52 p.m.201 views

CVE-2022-30173

CVE-2022-30173 is identified as a Microsoft Excel Remote Code Execution vulnerability. Connected sources confirm an Excel-related RCE in Office/Excel 2016 and reference security update KB5002208 as the remediation path. The documents do not disclose the exact root cause, vulnerable component/vers...

7.8CVSS7.8AI score0.02162EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.179 views

CVE-2021-31179

Technical details about CVE-2021-31179 are not provided in the supplied documents. Monitor for updates from Microsoft and vulnerability databases for affected products, root cause, and remediation.

7.8CVSS7.8AI score0.13494EPSS
CVE
CVE
added 2021/04/13 7:33 p.m.175 views

CVE-2021-28453

CVE-2021-28453 is a Microsoft Word remote code execution vulnerability. The primary sources (NVD entry for CVE-2021-28453) and connected Nessus plugins reference Word/Office products being affected by a remote code execution vulnerability tied to this CVE. Some Nessus entries list Word/Office as ...

7.8CVSS7.8AI score0.04068EPSS
CVE
CVE
added 2016/06/16 1:0 a.m.174 views

CVE-2016-0025

CVE-2016-0025 is a memory corruption vulnerability in Microsoft Office products that allows remote code execution via a crafted Office document. Affected software includes Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Wo...

9.3CVSS7.2AI score0.15435EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.172 views

CVE-2021-31177

CVE-2021-31177 is a Microsoft Office/Excel remote code execution vulnerability. Connected sources confirm affected products include Microsoft Office and Excel (C2R and MSI variants) with the issue originating from Office/Excel handling crafted content. Patches released May 11, 2021 (KB5001918 for...

7.8CVSS7.8AI score0.03073EPSS
CVE
CVE
added 2021/01/12 7:42 p.m.166 views

CVE-2021-1714

CVE-2021-1714 is an Excel remote code execution vulnerability affecting Microsoft Excel (Office). The connected sources indicate a vulnerability in Excel with a CVSS v3.1 base score of 7.8 (HIGH) and an attack vector LOCAL requiring user interaction, with confidentiality, integrity, and availabil...

7.8CVSS7.8AI score0.03101EPSS
CVE
CVE
added 2021/10/13 12:27 a.m.164 views

CVE-2021-40474

CVE-2021-40474 : Microsoft Excel remote code execution vulnerability. According to the sources, it affects Office/Excel components and has a CVSSv3.1 base score of 7.8 (vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The issue is described as a local vulnerability that requires user intera...

7.8CVSS7.5AI score0.02194EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.163 views

CVE-2021-31176

CVE-2021-31176 is a Microsoft Office remote code execution vulnerability affecting Office 2013/2016. Public documentation in the provided connected sources confirms a remote code execution class issue, with Microsoft reference pages and Nessus/OpenVAS entries listing CVE-2021-31176 among Office u...

7.8CVSS7.8AI score0.03047EPSS
CVE
CVE
added 2023/03/14 4:55 p.m.161 views

CVE-2023-23396

CVE-2023-23396 affects Microsoft Excel (and related Office components) with a Denial-of-Service condition. The vulnerability is described in Microsoft advisories as Excel DoS, affecting multiple Excel/Office versions (as listed in KBs like KB5002362/KB5002356). The underlying cause is not detaile...

6.5CVSS6.5AI score0.03829EPSS
CVE
CVE
added 2021/06/08 10:46 p.m.160 views

CVE-2021-31939

CVE-2021-31939 is a Microsoft Excel remote code execution vulnerability reported in the office/Excel component. According to the connected sources, the issue can allow an attacker to execute arbitrary code on a vulnerable system when a user opens or processes specially crafted content, with the C...

7.8CVSS7.7AI score0.13337EPSS
CVE
CVE
added 2021/01/12 7:42 p.m.158 views

CVE-2021-1715

CVE-2021-1715 is a Microsoft Word Remote Code Execution vulnerability. The CVE is referenced in several January 2021 security-update advisories (Word/Office products) and appears in Nessus plugins cataloging Word and Office patches alongside related CVEs (e.g., CVE-2021-1716). The connected docum...

9.3CVSS7.8AI score0.03614EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.156 views

CVE-2017-8509

CVE-2017-8509 is an Office remote code execution vulnerability that arises when Office components mishandle objects in memory, allowing an attacker to take control of an affected system if a user opens a crafted Office file. Public details in connected documents indicate the vulnerability affects...

9.3CVSS7.2AI score0.18238EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.156 views

CVE-2021-31175

CVE-2021-31175 is a Microsoft Office/Excel remote code execution vulnerability described as a Microsoft Office Remote Code Execution Vulnerability. Connection documents confirm it is part of a set of Office/Excel remote code execution vulnerabilities addressed by May 2021 security updates (e.g., ...

7.8CVSS7.8AI score0.03156EPSS
CVE
CVE
added 2021/01/12 7:42 p.m.148 views

CVE-2021-1713

CVE-2021-1713 corresponds to a Microsoft Excel remote code execution vulnerability affecting Office/Excel products. The connected documents confirm multiple Office-related CVEs in January 2021 (CVE-2021-1713 among others) with Microsoft security updates issued in that period. The provided sources...

7.8CVSS7.6AI score0.03101EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.148 views

CVE-2021-31178

CVE-2021-31178 is described in the connected documents as an information-disclosure vulnerability in Microsoft Office. The Nessus/OpenVAS entries reference this CVE as part of the Office May 2021 vulnerability set and note affected products (Office/Excel) and the need for security updates, listin...

5.5CVSS6.1AI score0.16012EPSS
CVE
CVE
added 2021/04/13 7:33 p.m.140 views

CVE-2021-28454

CVE-2021-28454 = Microsoft Excel Remote Code Execution Vulnerability in Office suites. Root cause described as a vulnerability in Excel that allows code execution with the privileges of the logged-in user (UI: REQUIRED, vector: LOCAL). Affected products include various Office versions that includ...

7.8CVSS7.8AI score0.03138EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.139 views

CVE-2021-31174

CVE-2021-31174 is a Microsoft Excel information-disclosure vulnerability. The CVSSv3.1 base score is 5.5 (MEDIUM) with LOCAL attack vector, LOW attack complexity, and HIGH confidentiality impact (I:N, C:H, A:N). Public references in the connected documents indicate this CVE is addressed by the Ex...

5.5CVSS6.1AI score0.02939EPSS
CVE
CVE
added 2021/10/13 12:27 a.m.137 views

CVE-2021-40472

CVE-2021-40472 is an information-disclosure vulnerability in Microsoft Excel. The NVD entry lists CVSS v3.1 impact: confidentiality HIGH with LOCAL attack vector, low complexity, and no user interaction (base score 5.5). CVSS v2.0 reflects a lower base score (2.1). The connected documents confirm...

5.5CVSS5.9AI score0.00715EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.135 views

CVE-2022-41061

CVE-2022-41061 is a Microsoft Word remote code execution vulnerability. The CVSS v3.1 base score is 7.8 (HIGH), with LOCAL attack vector, LOW attack complexity, and user interaction required; impact is high for confidentiality, integrity, and availability. Affected: Microsoft Word / Office compon...

7.8CVSS7.8AI score0.01133EPSS
CVE
CVE
added 2021/04/13 7:33 p.m.132 views

CVE-2021-28451

CVE-2021-28451 is a Microsoft Excel remote code execution vulnerability. Public documentation in the initial record shows CVSS v3.1 base score 7.8 (HIGH) with LOCAL, LOW-C, UI:R, CONSEQUENCES: HIGH for confidentiality, integrity, and availability. The connected Microsoft security advisories indic...

7.8CVSS7.8AI score0.0235EPSS
CVE
CVE
added 2021/07/14 5:54 p.m.130 views

CVE-2021-34518

CVE-2021-34518 is an Excel Remote Code Execution vulnerability affecting Microsoft Excel/Office. NT/LOCAL exploitability is reported when handling Excel files, with Microsoft patching via the July 2021 security updates (e.g., KB5001977 for Excel 2016). Connected sources also reference Nessus plug...

7.8CVSS7.8AI score0.02151EPSS
CVE
CVE
added 2021/01/12 7:42 p.m.129 views

CVE-2021-1716

CVE-2021-1716 is a Microsoft Word Remote Code Execution vulnerability. The initial entry confirms a Word-related RCE with CVSS v3.1 base score 7.8 (HIGH) and local attack vector, with user interaction required. Connected sources (Nessus/Office/SharePoint plugin data) reference CVE-2021-1716 as pa...

9.3CVSS7.8AI score0.03614EPSS
CVE
CVE
added 2022/06/15 9:52 p.m.129 views

CVE-2022-30171

Technical details about CVE-2022-30171 (affected product/version, root cause, impact, or fixes) are not provided in the connected documents. Monitor for updates.

5.5CVSS6.2AI score0.0242EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.129 views

CVE-2022-41060

CVE-2022-41060 is a Microsoft Word information disclosure vulnerability. The connected documents reference Word/Office components affected by the November 2022 updates and Office Web Apps Server updates (e.g., KB5002261, KB5002276) addressing Word information disclosure and related vulnerabilitie...

5.5CVSS6.1AI score0.00739EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.126 views

CVE-2022-41103

CVE-2022-41103 is Microsoft Word Information Disclosure Vulnerability. Connected sources indicate it is referenced alongside Word/Office and SharePoint update bundles (e.g., Word C2R and SharePoint November 2022 patches). The vulnerability is described as information disclosure; no explicit root-...

5.5CVSS6.1AI score0.00867EPSS
CVE
CVE
added 2021/04/13 7:33 p.m.125 views

CVE-2021-28456

CVE-2021-28456 is a Microsoft Excel information disclosure vulnerability. The CVE is linked to Excel components and is reported in multiple sources as part of a family of vulnerabilities affecting Excel and Office products (e.g., CVE-2021-28449, CVE-2021-28451, CVE-2021-28454). The connected docu...

5.5CVSS5.9AI score0.03688EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.123 views

CVE-2022-41063

CVE-2022-41063 is a Microsoft Excel remote code execution vulnerability. The connected documents confirm Excel as the affected product and cite a remote code execution issue, with the NVD entry providing a CVSSv3.1 score of 7.8 (HIGH) and a Local attack vector with User Interaction required. The ...

7.8CVSS7.9AI score0.00774EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.122 views

CVE-2017-8511

Technical details for CVE-2017-8511 (affected Office component, root cause, impact, fix) are not provided in the Connected documents. Monitor for updates; no public technical details available in the supplied sources.

9.3CVSS7.2AI score0.20612EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.122 views

CVE-2017-8742

Two CVEs (CVE-2017-8742 and CVE-2017-8743) describe remote code execution in Microsoft PowerPoint family and associated server/web apps due to improper handling of objects in memory. CVE-2017-8742 affects PowerPoint up to 2016, PowerPoint Viewer 2007, SharePoint Server 2013 SP1, SharePoint Enterp...

9.3CVSS8AI score0.21319EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.122 views

CVE-2022-41106

CVE-2022-41106 is a Microsoft Excel Remote Code Execution vulnerability. Public details in connected docs describe Excel/Office components as affected and indicate that security updates exist. Remediation in public docs includes security updates: KB5002253 for Excel 2016 (and related Office insta...

8.8CVSS8.2AI score0.02224EPSS
CVE
CVE
added 2018/11/14 1:0 a.m.115 views

CVE-2018-8577

CVE-2018-8577 affects Microsoft Excel (and related Office components). The vulnerability arises when Excel fails to properly handle objects in memory, enabling a remote code execution where an attacker could run arbitrary code in the context of the current user. CVSSv3 vector indicates a local at...

9.3CVSS7.9AI score0.19059EPSS
CVE
CVE
added 2019/01/08 9:0 p.m.114 views

CVE-2019-0561

CVE-2019-0561 is an information-disclosure vulnerability in Microsoft Word/Office related to improper handling of Word fields, specifically via Word macro buttons. The issue allows reading arbitrary files from the targeted system. Multiple Nessus/OpenVAS entries and advisories group CVE-2019-0561...

5.5CVSS6.1AI score0.08243EPSS
CVE
CVE
added 2017/04/12 2:0 p.m.112 views

CVE-2017-0195

CVE-2017-0195 affects Microsoft SharePoint/Office Web Apps stack (e.g., SharePoint Server, Excel Services, Excel Web Apps, Office Web Apps Server, Office Online Server). The vulnerability enables remote attackers to perform cross-site scripting and to run script with local user privileges via a c...

5.4CVSS5.2AI score0.03842EPSS
CVE
CVE
added 2016/02/10 11:0 a.m.111 views

CVE-2016-0022

CVE-2016-0022 corresponds to a memory corruption vulnerability in Microsoft Office components (Word and related Word/Office Suite on Windows and Mac) that could allow remote code execution via a crafted Office document. Connected sources indicate this is tied to MS16-015 and affects Word 2007 SP3...

9.3CVSS7.7AI score0.19541EPSS
CVE
CVE
added 2016/09/14 10:0 a.m.105 views

CVE-2016-3357

CVE-2016-3357 is a Microsoft Office memory corruption vulnerability: multiple Office components (Word/Excel/PowerPoint and related servers) allow remote code execution via a crafted document. Root cause cited as improper handling of objects in memory. Affected products span Office 2007 SP3 throug...

9.3CVSS7.6AI score0.54809EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.103 views

CVE-2017-8512

Technical details about CVE-2017-8512 (affected product/version/root cause/impact/fix) are not provided in the connected documents. Monitor official advisories for updates; current materials do not specify exploitation or remediation information.

9.3CVSS7.2AI score0.22127EPSS
CVE
CVE
added 2014/05/14 10:0 a.m.101 views

CVE-2014-1754

CVE-2014-1754 is a cross-site scripting (XSS) vulnerability affecting Microsoft SharePoint Server 2013 (Gold/SP1), SharePoint Foundation 2013 (Gold/SP1), Office Web Apps Server 2013 (Gold/SP1), and SharePoint Server 2013 Client Components SDK. The issue allows remote attackers to inject arbitrary...

4.3CVSS4.9AI score0.11073EPSS
CVE
CVE
added 2015/03/11 10:0 a.m.101 views

CVE-2015-0085

CVE-2015-0085 is a use-after-free vulnerability in Microsoft Office components (including Office 2007/2010/2013 suites and related SharePoint/Viewer components) that enables remote code execution via a crafted Office document. The issue affects a broad set of Office applications and SharePoint-re...

9.3CVSS7.4AI score0.17279EPSS
CVE
CVE
added 2022/06/15 9:51 p.m.101 views

CVE-2022-30159

CVE-2022-30159 is identified as a Microsoft Office information disclosure vulnerability referenced by security updates KB5002062/KB5002222/KB5002224. The connected documents indicate affected ecosystems include SharePoint Server and Microsoft Office components, with remediation via the listed sec...

5.5CVSS5.7AI score0.02581EPSS
Total number of security vulnerabilities62