Lucene search
K
MicrosoftOffice Word Viewer

42 matches found

CVE
CVE
added 2019/01/08 9:0 p.m.1183 views

CVE-2019-0585

CVE-2019-0585 is a remote code execution vulnerability in Microsoft Word/Office products caused by improper handling of objects in memory. Exploitation could occur via specially crafted Word files, potentially in contexts like email/preview panes, with the attacker gaining the same user rights as...

9.3CVSS8.3AI score0.21967EPSS
CVE
CVE
added 2019/01/08 9:0 p.m.1080 views

CVE-2019-0541

CVE-2019-0541 – MSHTML Engine Remote Code Execution involves an input validation vulnerability in the MSHTML engine that can let an attacker execute arbitrary code on affected systems. Affected software includes Internet Explorer (IE9/10/11), Microsoft Office components (Office/Word/Excel viewers...

9.3CVSS7.9AI score0.53202EPSS
In wild
CVE
CVE
added 2012/12/12 12:0 a.m.997 views

CVE-2012-2539

CVE-2012-2539 is Microsoft Word remote code execution vulnerability caused by parsing crafted RTF data (Word RTF 'listoverridecount'). It affects Word 2003 SP3, 2007 SP2/SP3, 2010 SP1; Word Viewer; Office Compatibility Pack SP2/SP3; and Office Web Apps 2010 SP1. The underlying issue is memory cor...

9.3CVSS8.2AI score0.53159EPSS
In wild
CVE
CVE
added 2009/06/10 5:37 p.m.996 views

CVE-2009-0563

CVE-2009-0563 is a Stack-based buffer overflow in Microsoft Word components that allows remote code execution when a user opens a crafted Word document with an invalid length field. Affected products include Word 2002 SP3, 2003 SP3, Word 2007 SP1/SP2, Office for Mac 2004/2008, Open XML File Forma...

9.3CVSS8.1AI score0.63081EPSS
In wild
CVE
CVE
added 2017/10/13 1:0 p.m.937 views

CVE-2017-11826

CVE-2017-11826 is a remote code execution flaw in Microsoft Office family (Word, Word Viewer, Office Web Apps Server, SharePoint components, etc.) caused by improper handling of objects in memory. Affected products include Word and related Office/SharePoint servers; exploitation is possible via s...

9.3CVSS7.9AI score0.81627EPSS
In wild
CVE
CVE
added 2018/08/15 5:0 p.m.197 views

CVE-2018-8378

CVE-2018-8378 describes an information disclosure in Microsoft Office when Office reads out-of-bounds memory due to an uninitialized variable, potentially exposing memory contents. Affected components include Word, SharePoint Server, Word/Excel Viewers, and related Office products. Connected Open...

5.5CVSS4.9AI score0.06849EPSS
CVE
CVE
added 2009/06/10 5:37 p.m.193 views

CVE-2009-0565

CVE-2009-0565 is a Word buffer-overflow vulnerability caused by a malformed record (Sprm) in Word documents, leading to remote code execution. Affected products include Microsoft Word 2000 SP3, 2002 SP3, 2007 SP1/SP2, Word for Mac 2004/2008, Open XML File Format Converter for Mac, and Office Comp...

9.3CVSS7.8AI score0.40503EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.163 views

CVE-2017-0283

CVE-2017-0283 is described in the connected MSKB as a remote code execution vulnerability in Microsoft Office components that could be triggered by opening a specially crafted Office file. The MSKB describes a security update KB3191937 for Skype for Business 2015 (Lync 2013) that addresses CVE-20...

9.3CVSS6.4AI score0.39019EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.156 views

CVE-2009-2500

This CVE corresponds to MS09-062: GDI+ WMF Integer Overflow Vulnerability. Affected are Microsoft GDI+ image-processing paths used by WMF, PNG, TIFF, BMP handling across Windows components and Office/Viewer products (e.g., IE6, Office suites, Visio, Project, SQL/Report Viewer, Forefront Client Se...

9.3CVSS7.9AI score0.23647EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.156 views

CVE-2009-2528

CVE-2009-2528 is a memory corruption vulnerability in GDI+ used by Microsoft Office XP/2000 when parsing Office Art Property Tables. A crafted Office document can trigger remote code execution. Microsoft Security Bulletin MS09-062 (KB957488) provides patches; apply the MS09-062 updates to remedia...

9.3CVSS7.2AI score0.20452EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.156 views

CVE-2017-8695

CVE-2017-8695 is an information-disclosure vulnerability in Windows Uniscribe where Microsoft’s Graphics Component can leak memory contents when handling objects, exploitable via a specially crafted document or an untrusted webpage. Affected products span Windows versions from Windows Server 2008...

5.3CVSS6AI score0.09643EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.145 views

CVE-2009-3126

CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...

9.3CVSS9.7AI score0.23461EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.143 views

CVE-2017-0073

Technical details for CVE-2017-0073 are not publicly available in the provided connected documents. The records summarize the vulnerability, but no product/version specifics or exploit information are shown. Monitor for updates from official sources.

4.3CVSS4.3AI score0.33359EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.140 views

CVE-2017-0060

The CVE-2017-0060/0062 issue affects the Graphics Device Interface (GDI) in multiple Windows releases (Vista through Windows 10 variants listed in the initial entry). The vulnerability enables a remote attacker to obtain sensitive information from process memory by visiting a crafted web site, i....

5.5CVSS4.3AI score0.15939EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.139 views

CVE-2018-0851

CVE-2018-0851 affects multiple Microsoft Office versions: Office 2007 SP2, Word Viewer, Office 2010 SP2, Office 2013 SP1/RT SP1, Office 2016, and Office 2016 Click-to-Run. The vulnerability arises from how Office handles objects in memory, described as a memory corruption issue that enables remot...

9.3CVSS8.7AI score0.19536EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.130 views

CVE-2017-8676

CVE-2017-8676 is an information disclosure vulnerability in the Windows GDI+ component. The NVD entry describes that an authenticated attacker can retrieve information from the targeted system by presenting a specially crafted application, affecting a wide range of Windows versions (Windows clien...

3.3CVSS4.9AI score0.1404EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.127 views

CVE-2009-2501

CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...

9.3CVSS9.7AI score0.26824EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.119 views

CVE-2017-8696

CVE-2017-8696 targets Microsoft Windows components (Windows Uniscribe/Graphics Component) across Windows Server 2008 SP2, R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Office for Mac 2011/2016, Skype for Business, Lync, Live Meeting 2007 Add-in/Console. The vulnerability enables r...

7.6CVSS7AI score0.14264EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.117 views

CVE-2009-2502

CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...

9.3CVSS9.7AI score0.22025EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.111 views

CVE-2017-0285

CVSS context : CVE-2017-0285 is an information-disclosure vulnerability in Windows Uniscribe. The connected document KLA11039 lists an information-disclosure vulnerability in Windows Uniscribe that can be exploited remotely via specially crafted documents to obtain sensitive information. What is ...

5CVSS4.9AI score0.02973EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.110 views

CVE-2017-8682

CVE-2017-8682 is a Win32k Graphics Remote Code Execution issue where remote code could be executed by mis-handling embedded fonts. Affected products include multiple Windows versions (Server 2008 SP2/R2 SP1, Windows 7 SP1, 8.1, 10 1511/1607/1703, Server 2012/2016) and Office Word Viewer/Office 20...

9.3CVSS7.3AI score0.49765EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.104 views

CVE-2009-2504

CVE-2009-2504 corresponds to MS09-062: multiple remote code execution vulnerabilities in Windows GDI+ exposed via GDI+ APIs used by .NET Framework and Office components. The issue stems from integer overflows/buffer handling in GDI+, enabling remote code execution when rendering crafted images in...

9.3CVSS9.7AI score0.20982EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.101 views

CVE-2009-2503

CVE-2009-2503 is a GDI+ memory corruption vulnerability in Microsoft components that can be triggered by a crafted TIFF image file, enabling remote code execution. The weakness resides in how GDI+ allocates memory when processing TIFFs, affecting a wide range of Windows and Office products listed...

9.3CVSS9.6AI score0.22205EPSS
CVE
CVE
added 2014/11/11 10:0 p.m.96 views

CVE-2014-6334

CVE-2014-6334 affects Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3. The issue is a memory-handling flaw in parsing crafted Office documents that can lead to remote code execution or memory corruption/DoS. The connected OpenVAS/Nessus entries corroborate Word/Office comp...

9.3CVSS8.8AI score0.17204EPSS
CVE
CVE
added 2009/11/11 7:0 p.m.90 views

CVE-2009-3135

Microsoft Word Remote Code Execution (CVE-2009-3135) affects Word 2002 SP3, Word 2003 SP3, Word 2004/2008 for Mac, Open XML File Format Converter for Mac, Word Viewer 2003 SP3, and Word Viewer. The vulnerability is a stack-based buffer overflow in Word’s File Information Block (FIB) parsing, whic...

9.3CVSS7.8AI score0.35792EPSS
CVE
CVE
added 2018/03/14 5:0 p.m.89 views

CVE-2018-0922

CVE-2018-0922 is a remote code execution vulnerability arising from how Office objects are handled in memory across multiple Microsoft Office products (Word, Excel, SharePoint, Web Apps, Viewer, etc.). Connected sources confirm the issue affects a wide range of Office/SharePoint versions (e.g., O...

9.3CVSS7.8AI score0.18104EPSS
CVE
CVE
added 2018/10/10 1:0 p.m.88 views

CVE-2018-8427

CVE-2018-8427 is an information-disclosure vulnerability in Microsoft Graphics Components that affects Microsoft Office family products (Office, Word Viewer, PowerPoint/Excel Viewers, Office 365 ProPlus) and related Windows components (Windows Server 2008). The root cause involves improper handli...

5.5CVSS5.7AI score0.02293EPSS
CVE
CVE
added 2008/12/10 1:33 p.m.83 views

CVE-2008-4025

CVE-2008-4025 corresponds to a set of Word/RTF parsing vulnerabilities (word memory/RTF object parsing) in Office products where an integer overflow during RTF/Polyline point processing can trigger a heap-based buffer overflow and remote code execution. Affected software includes Word 2000 SP3, 2...

9.3CVSS7.7AI score0.32943EPSS
CVE
CVE
added 2018/07/11 12:0 a.m.83 views

CVE-2018-8281

CVE-2018-8281: A remote code execution vulnerability in Microsoft Office family (Excel Viewer, PowerPoint Viewer, Office, Word Viewer) arises when Office fails to properly handle objects in memory. Connected documents confirm the issue affects Microsoft Office Viewers and Office-related component...

9.3CVSS7.9AI score0.19546EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.81 views

CVE-2010-1901

CVE-2010-1901 affects Microsoft Word and related Office components (Word 2002 SP3, 2003 SP3, 2007 SP2; Mac: Office 2004/2008, Open XML Converter for Mac, Word Viewer, Compatibility Pack SP2) where the RTF parsing engine mishandles unspecified properties in rich text data, causing a memory corrupt...

9.3CVSS7.7AI score0.19399EPSS
CVE
CVE
added 2014/11/11 10:0 p.m.81 views

CVE-2014-6333

CVE-2014-6333 affects Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3. The issue arises when parsing specially crafted Office documents, enabling a remote attacker to execute arbitrary code in the context of the logged-in user. The connected advisories consolidate three re...

9.3CVSS8.8AI score0.17852EPSS
CVE
CVE
added 2008/12/10 1:33 p.m.80 views

CVE-2008-4031

CVE-2008-4031 is a remote code execution vulnerability in Microsoft Office Word/Word components caused by a memory corruption during parsing of Rich Text Format (RTF) content. The issue can be triggered when a user opens a specially crafted RTF file or previews a malicious RTF email, potentially ...

9.3CVSS7.4AI score0.2339EPSS
CVE
CVE
added 2008/12/10 1:33 p.m.77 views

CVE-2008-4024

CVE-2008-4024 affects Microsoft Word 2000 SP3, Word 2002 SP3, and Word 2004 for Mac. A remote code execution vulnerability arises when processing a specially crafted Word file containing lcbPlcfBkfSdt in the File Information Block (FIB); this can bypass an initialization step and trigger an arbit...

9.3CVSS7.2AI score0.28876EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.77 views

CVE-2010-1903

CVE-2010-1903 is a Word HTML Linked Objects Memory Corruption vulnerability affecting Microsoft Office Word/Word Viewer. A remote attacker could trigger memory corruption by processing a specially crafted Word file, leading to remote code execution or potential denial of service. Public disclosur...

9.3CVSS7.6AI score0.19399EPSS
CVE
CVE
added 2008/12/10 1:33 p.m.76 views

CVE-2008-4028

CVE-2008-4028 is described in connected advisories as a Word RTF Object Parsing memory corruption/heap overflow vulnerability. It affects Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, 2007 Gold/SP1; Word Viewer 2003; Office Compatibility Pack for Word/Excel/PowerPoint 2007 File Formats Gold...

9.3CVSS7.5AI score0.38057EPSS
CVE
CVE
added 2008/12/10 1:33 p.m.76 views

CVE-2008-4837

CVE-2008-4837 is a Word memory corruption vulnerability (Word Memory Corruption Vulnerability) affecting Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold/SP1, Word Viewer 2003, and related Office components. The issue arises from a stack/memory corruption when processing a crafted Word document w...

9.3CVSS7.7AI score0.37422EPSS
CVE
CVE
added 2008/12/10 1:33 p.m.74 views

CVE-2008-4027

CVE-2008-4027 is a remote code execution vulnerability in Microsoft Word/Office applications caused by parsing malformed Rich Text Format (RTF) files. The flaw arises from mishandling consecutive Drawing Object ("\do") tags, leading to memory corruption and potential arbitrary code execution. Aff...

9.3CVSS7.3AI score0.33906EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.73 views

CVE-2010-1900

CVE-2010-1900 affects Microsoft Word (various Windows/macOS editions) and related components. A remote-code-execution/memory-corruption flaw arises from Word opening malformed Word files that contain malformed records, enabling an attacker to execute arbitrary code or cause memory corruption on i...

9.3CVSS7.6AI score0.39813EPSS
CVE
CVE
added 2008/12/10 1:33 p.m.66 views

CVE-2008-4026

CVE-2008-4026 is a remote-code-execution vulnerability in Microsoft Word handling crafted Word files that contain a malformed value, triggering memory corruption. Affected products include Word 2000 SP3, 2002 SP3, 2003 SP3, 2007 (Gold and SP1), Word Viewer 2003 SP3, Office Compatibility Pack for ...

9.3CVSS7.4AI score0.2339EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.66 views

CVE-2010-1902

CVE-2010-1902 describes a remote-code-execution flaw in Microsoft Word’s RTF parsing engine. The vulnerability is triggered by crafted RTF data, specifically via drawing object control words that copy properties into a heap buffer without bounds checking, causing a heap buffer overflow. Affected ...

9.3CVSS7.9AI score0.23415EPSS
CVE
CVE
added 2014/11/11 10:0 p.m.65 views

CVE-2014-6335

CVE-2014-6335 affects Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3. The root cause is improper handling of objects in memory while parsing specially crafted Office files, leading to remote code execution or memory corruption (and possible DoS). Technical details across ...

9.3CVSS8.8AI score0.16038EPSS
CVE
CVE
added 2008/12/10 1:33 p.m.58 views

CVE-2008-4030

CVE-2008-4030 corresponds to a memory-corruption remote code execution issue in Microsoft Office Word (various versions) triggered by crafted control words in Rich Text Format (RTF) files or in RTF emails. Connected advisories attribute the vulnerability to a memory calculation error in Word that...

9.3CVSS7.3AI score0.2339EPSS