Office Security Vulnerabilities and Issues — Page 10 of Office CVE List

MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a ...

9.3CVSS7.4AI score0.74659EPSS

CVE•added 2015/08/15 12:59 a.m.•85 views

CVE-2015-2455

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, S...

9.3CVSS7.3AI score0.6028EPSS

CVE•added 2016/01/13 5:59 a.m.•85 views

CVE-2016-0012

Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013...

4.3CVSS5.1AI score0.13313EPSS

CVE•added 2018/01/10 1:29 a.m.•85 views

CVE-2018-0795

Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".

9.3CVSS8.8AI score0.29711EPSS

CVE•added 2020/11/11 7:15 a.m.•85 views

CVE-2020-17067

Microsoft Excel Security Feature Bypass Vulnerability

7.8CVSS7.4AI score0.09312EPSS

CVE•added 2021/09/15 12:15 p.m.•85 views

CVE-2021-38653

Microsoft Office Visio Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.08194EPSS

CVE•added 2023/10/10 6:15 p.m.•85 views

CVE-2023-36565

Microsoft Office Graphics Elevation of Privilege Vulnerability

7CVSS7AI score0.00094EPSS

CVE•added 2025/03/11 5:16 p.m.•85 views

CVE-2025-24081

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS8AI score0.00139EPSS

CVE•added 2025/04/08 6:15 p.m.•85 views

CVE-2025-26642

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS7.4AI score0.00177EPSS

CVE•added 2010/05/12 11:46 a.m.•84 views

CVE-2010-0815

VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via ...

9.3CVSS7.6AI score0.61415EPSS

CVE•added 2010/11/10 3:0 a.m.•84 views

CVE-2010-2573

Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."

9.3CVSS7.4AI score0.6115EPSS

CVE•added 2014/10/15 10:55 a.m.•84 views

CVE-2014-4117

Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code vi...

9.3CVSS8.7AI score0.35711EPSS

CVE•added 2015/08/15 12:59 a.m.•84 views

CVE-2015-2456

9.3CVSS7.3AI score0.6028EPSS

CVE•added 2017/03/17 12:59 a.m.•84 views

CVE-2017-0029

Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."

5.5CVSS5.8AI score0.22643EPSS

CVE•added 2018/02/15 2:29 a.m.•84 views

CVE-2018-0850

Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability".

6.5CVSS7.3AI score0.16576EPSS

CVE•added 2018/11/14 1:29 a.m.•84 views

CVE-2018-8539

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Microsoft Office. This CVE ID is unique from CVE-2018-8573.

9.3CVSS7.9AI score0.16169EPSS

CVE•added 2022/10/11 7:15 p.m.•84 views

CVE-2022-38049

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.02786EPSS

CVE•added 2023/07/11 6:15 p.m.•84 views

CVE-2023-33158

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00374EPSS

CVE•added 2025/04/08 6:16 p.m.•84 views

CVE-2025-27752

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS8AI score0.00944EPSS

CVE•added 2009/10/14 10:30 a.m.•83 views

CVE-2009-2503

GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Of...

9.3CVSS9.6AI score0.41156EPSS

CVE•added 2010/06/08 8:30 p.m.•83 views

CVE-2010-0822

Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."

9.3CVSS7.9AI score0.80447EPSS

CVE•added 2016/07/13 1:59 a.m.•83 views

CVE-2016-3279

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2...

5.5CVSS6.8AI score0.25755EPSS

CVE•added 2016/12/20 6:59 a.m.•83 views

CVE-2016-7290

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (ou...

7.1CVSS6.5AI score0.09192EPSS

CVE•added 2018/01/10 1:29 a.m.•83 views

CVE-2018-0796

Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".

9.3CVSS8.8AI score0.36001EPSS

CVE•added 2018/06/14 12:29 p.m.•83 views

CVE-2018-8244

An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook.

6.5CVSS6.4AI score0.1023EPSS

CVE•added 2019/03/06 12:0 a.m.•83 views

CVE-2019-0674

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0672, CVE-2019-0673, CVE-...

9.3CVSS7.9AI score0.31336EPSS

CVE•added 2019/12/10 10:15 p.m.•83 views

CVE-2019-1463

An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1400.

5.5CVSS5AI score0.01654EPSS

CVE•added 2021/03/11 4:15 p.m.•83 views

CVE-2021-24108

Microsoft Office Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.0095EPSS

CVE•added 2023/07/11 6:15 p.m.•83 views

CVE-2023-33153

Microsoft Outlook Remote Code Execution Vulnerability

8.8CVSS7.6AI score0.00421EPSS

CVE•added 2025/04/08 6:16 p.m.•83 views

CVE-2025-27748

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.00944EPSS

CVE•added 2015/12/09 11:59 a.m.•82 views

CVE-2015-6107

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10 Gold and 1511, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, ...

9.3CVSS7.5AI score0.52287EPSS

CVE•added 2016/05/11 1:59 a.m.•82 views

CVE-2016-0126

Microsoft Office 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.9AI score0.30017EPSS

CVE•added 2017/09/13 1:29 a.m.•82 views

CVE-2017-8744

A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016 when they fail to properly handle objects in memory, aka "M...

9.3CVSS7.7AI score0.6165EPSS

CVE•added 2018/11/14 1:29 a.m.•82 views

CVE-2018-8522

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8524,...

9.3CVSS8.3AI score0.17102EPSS

CVE•added 2018/11/14 1:29 a.m.•82 views

CVE-2018-8573

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8539.

9.3CVSS7.9AI score0.16169EPSS

CVE•added 2019/04/09 9:29 p.m.•82 views

CVE-2019-0825

7.8CVSS7.8AI score0.19127EPSS

CVE•added 2019/11/12 7:15 p.m.•82 views

CVE-2019-1449

A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would ...

10CVSS9.3AI score0.0625EPSS

CVE•added 2020/06/09 8:15 p.m.•82 views

CVE-2020-1321

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'.

8.8CVSS8.6AI score0.39264EPSS

CVE•added 2020/10/16 11:15 p.m.•82 views

CVE-2020-16928

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.To exploit this vulnerability, an attacker would need to convince a user to open a speci...

7.8CVSS7.4AI score0.08331EPSS

CVE•added 2023/07/11 6:15 p.m.•82 views

CVE-2023-33162

Microsoft Excel Information Disclosure Vulnerability

5.5CVSS5.4AI score0.00768EPSS

CVE•added 2024/11/12 6:15 p.m.•82 views

CVE-2024-49030

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00689EPSS

CVE•added 2009/10/14 10:30 a.m.•81 views

CVE-2009-2504

Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project...

9.3CVSS9.7AI score0.46054EPSS

CVE•added 2011/04/13 6:55 p.m.•81 views

CVE-2011-0105

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Ini...

9.3CVSS7.8AI score0.89418EPSS

CVE•added 2015/11/11 12:59 p.m.•81 views

CVE-2015-6091

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.28216EPSS

CVE•added 2016/04/12 11:59 p.m.•81 views

CVE-2016-0127

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server ...

9.3CVSS7.8AI score0.21675EPSS

CVE•added 2016/08/09 9:59 p.m.•81 views

CVE-2016-3317

Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac 2011, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.6AI score0.31597EPSS

Total number of security vulnerabilities953