Lucene search

K
MicrosoftOffice

950 matches found

CVE
CVE
added 2016/01/13 5:59 a.m.86 views

CVE-2016-0012

Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013...

4.3CVSS5.1AI score0.13313EPSS
CVE
CVE
added 2018/04/12 1:29 a.m.86 views

CVE-2018-0950

An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This CVE ID is unique fr...

6.5CVSS5.4AI score0.15198EPSS
CVE
CVE
added 2020/11/11 7:15 a.m.86 views

CVE-2020-17067

Microsoft Excel Security Feature Bypass Vulnerability

7.8CVSS7.4AI score0.09312EPSS
CVE
CVE
added 2021/09/15 12:15 p.m.86 views

CVE-2021-38653

Microsoft Office Visio Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.08194EPSS
CVE
CVE
added 2022/10/11 7:15 p.m.86 views

CVE-2022-38049

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.02786EPSS
CVE
CVE
added 2023/10/10 6:15 p.m.86 views

CVE-2023-36565

Microsoft Office Graphics Elevation of Privilege Vulnerability

7CVSS7AI score0.00094EPSS
CVE
CVE
added 2025/04/08 6:16 p.m.86 views

CVE-2025-27752

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS8AI score0.0022EPSS
CVE
CVE
added 2010/05/12 11:46 a.m.85 views

CVE-2010-0815

VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via ...

9.3CVSS7.6AI score0.61415EPSS
CVE
CVE
added 2010/06/08 8:30 p.m.85 views

CVE-2010-0822

Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."

9.3CVSS7.9AI score0.80447EPSS
CVE
CVE
added 2010/11/10 3:0 a.m.85 views

CVE-2010-2573

Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."

9.3CVSS7.4AI score0.6115EPSS
CVE
CVE
added 2016/07/13 1:59 a.m.85 views

CVE-2016-3279

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2...

5.5CVSS6.8AI score0.25755EPSS
CVE
CVE
added 2016/12/20 6:59 a.m.85 views

CVE-2016-7290

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (ou...

7.1CVSS6.5AI score0.09192EPSS
CVE
CVE
added 2017/03/17 12:59 a.m.85 views

CVE-2017-0029

Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."

5.5CVSS5.8AI score0.22643EPSS
CVE
CVE
added 2018/01/10 1:29 a.m.85 views

CVE-2018-0795

Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".

9.3CVSS8.8AI score0.29711EPSS
CVE
CVE
added 2018/02/15 2:29 a.m.85 views

CVE-2018-0850

Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability".

6.5CVSS7.3AI score0.12909EPSS
CVE
CVE
added 2023/07/11 6:15 p.m.85 views

CVE-2023-33158

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00374EPSS
CVE
CVE
added 2025/04/08 6:16 p.m.85 views

CVE-2025-27748

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.00252EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.84 views

CVE-2009-2503

GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Of...

9.3CVSS9.6AI score0.41156EPSS
CVE
CVE
added 2018/06/14 12:29 p.m.84 views

CVE-2018-8244

An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook.

6.5CVSS6.4AI score0.1023EPSS
CVE
CVE
added 2019/03/06 12:0 a.m.84 views

CVE-2019-0674

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0672, CVE-2019-0673, CVE-...

9.3CVSS7.9AI score0.31336EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.84 views

CVE-2019-1463

An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1400.

5.5CVSS5AI score0.01654EPSS
CVE
CVE
added 2021/03/11 4:15 p.m.84 views

CVE-2021-24108

Microsoft Office Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.0095EPSS
CVE
CVE
added 2023/07/11 6:15 p.m.84 views

CVE-2023-33153

Microsoft Outlook Remote Code Execution Vulnerability

8.8CVSS7.6AI score0.00421EPSS
CVE
CVE
added 2015/12/09 11:59 a.m.83 views

CVE-2015-6107

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10 Gold and 1511, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, ...

9.3CVSS7.5AI score0.49407EPSS
CVE
CVE
added 2016/05/11 1:59 a.m.83 views

CVE-2016-0126

Microsoft Office 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.9AI score0.30017EPSS
CVE
CVE
added 2016/04/12 11:59 p.m.83 views

CVE-2016-0127

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server ...

9.3CVSS7.8AI score0.21675EPSS
CVE
CVE
added 2017/09/13 1:29 a.m.83 views

CVE-2017-8744

A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016 when they fail to properly handle objects in memory, aka "M...

9.3CVSS7.7AI score0.6165EPSS
CVE
CVE
added 2018/01/10 1:29 a.m.83 views

CVE-2018-0796

Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".

9.3CVSS8.8AI score0.36001EPSS
CVE
CVE
added 2018/11/14 1:29 a.m.83 views

CVE-2018-8522

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8524,...

9.3CVSS8.3AI score0.17102EPSS
CVE
CVE
added 2018/11/14 1:29 a.m.83 views

CVE-2018-8573

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8539.

9.3CVSS7.9AI score0.16169EPSS
CVE
CVE
added 2019/04/09 9:29 p.m.83 views

CVE-2019-0825

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0826, CVE-...

7.8CVSS7.8AI score0.19127EPSS
CVE
CVE
added 2019/11/12 7:15 p.m.83 views

CVE-2019-1449

A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would ...

10CVSS9.3AI score0.0625EPSS
CVE
CVE
added 2020/06/09 8:15 p.m.83 views

CVE-2020-1321

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'.

8.8CVSS8.6AI score0.39264EPSS
CVE
CVE
added 2020/10/16 11:15 p.m.83 views

CVE-2020-16928

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.To exploit this vulnerability, an attacker would need to convince a user to open a speci...

7.8CVSS7.4AI score0.10901EPSS
CVE
CVE
added 2023/07/11 6:15 p.m.83 views

CVE-2023-33162

Microsoft Excel Information Disclosure Vulnerability

5.5CVSS5.4AI score0.00768EPSS
CVE
CVE
added 2024/11/12 6:15 p.m.83 views

CVE-2024-49030

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00971EPSS
CVE
CVE
added 2025/06/10 5:23 p.m.83 views

CVE-2025-47162

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

8.4CVSS8.6AI score0.00066EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.82 views

CVE-2009-2504

Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project...

9.3CVSS9.7AI score0.46054EPSS
CVE
CVE
added 2015/11/11 12:59 p.m.82 views

CVE-2015-6091

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.28216EPSS
CVE
CVE
added 2016/08/09 9:59 p.m.82 views

CVE-2016-3317

Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac 2011, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.6AI score0.30017EPSS
CVE
CVE
added 2019/04/09 9:29 p.m.82 views

CVE-2019-0826

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-...

7.8CVSS7.8AI score0.19127EPSS
CVE
CVE
added 2019/05/16 7:29 p.m.82 views

CVE-2019-0947

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0945, CVE-2019-0946.

9.3CVSS7.9AI score0.24224EPSS
CVE
CVE
added 2020/10/16 11:15 p.m.82 views

CVE-2020-16934

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.To exploit this vulnerability, an attacker would need to convince a user to open a speci...

7.8CVSS6.7AI score0.03808EPSS
CVE
CVE
added 2024/09/10 5:15 p.m.82 views

CVE-2024-43465

Microsoft Excel Elevation of Privilege Vulnerability

7.8CVSS7.6AI score0.00909EPSS
CVE
CVE
added 2024/12/12 2:4 a.m.82 views

CVE-2024-49065

Microsoft Office Remote Code Execution Vulnerability

5.5CVSS5.9AI score0.00275EPSS
CVE
CVE
added 2011/04/13 6:55 p.m.81 views

CVE-2011-0105

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Ini...

9.3CVSS7.8AI score0.89418EPSS
CVE
CVE
added 2015/08/15 12:59 a.m.81 views

CVE-2015-2431

Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library (OGL) font, aka "Microsoft Office Graphics Component Remote Code Execution ...

9.3CVSS8AI score0.62132EPSS
CVE
CVE
added 2015/09/09 12:59 a.m.81 views

CVE-2015-2510

Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a craft...

9.3CVSS7.7AI score0.72229EPSS
CVE
CVE
added 2016/07/13 1:59 a.m.81 views

CVE-2016-3282

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Shar...

9.3CVSS7.6AI score0.38399EPSS
CVE
CVE
added 2016/11/10 6:59 a.m.81 views

CVE-2016-7233

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or ...

6.5CVSS6.3AI score0.13703EPSS
Total number of security vulnerabilities950