Office Security Vulnerabilities and Issues — Page 11 of Office CVE List

Lucene search

MicrosoftOffice

950 matches found

CVE•added 2017/06/15 1:29 a.m.•81 views

CVE-2017-0287

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This ...

5CVSS5.1AI score0.24455EPSS

CVE•added 2018/03/14 5:29 p.m.•81 views

CVE-2018-0907

Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac allow a security feature bypass vulnerability due to how macro settings are enforced, aka "Microsoft Office Excel Security Feature...

7.8CVSS7.5AI score0.1321EPSS

CVE•added 2021/03/11 4:15 p.m.•81 views

CVE-2021-27054

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.0356EPSS

CVE•added 2021/03/11 4:15 p.m.•81 views

CVE-2021-27055

Microsoft Visio Security Feature Bypass Vulnerability

7CVSS6.6AI score0.00411EPSS

CVE•added 2021/09/15 12:15 p.m.•81 views

CVE-2021-38654

Microsoft Office Visio Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.08194EPSS

CVE•added 2021/12/15 3:15 p.m.•81 views

CVE-2021-42293

Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability

6.5CVSS6.6AI score0.02692EPSS

CVE•added 2022/12/13 7:15 p.m.•81 views

CVE-2022-44694

Microsoft Office Visio Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00319EPSS

CVE•added 2022/12/13 7:15 p.m.•81 views

CVE-2022-44696

Microsoft Office Visio Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00412EPSS

CVE•added 2022/12/13 7:15 p.m.•81 views

CVE-2022-44713

Microsoft Outlook for Mac Spoofing Vulnerability

7.5CVSS7.5AI score0.02434EPSS

CVE•added 2024/10/08 6:15 p.m.•81 views

CVE-2024-43505

Microsoft Office Visio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00883EPSS

CVE•added 2024/11/12 6:15 p.m.•81 views

CVE-2024-49028

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00971EPSS

CVE•added 2025/06/10 5:23 p.m.•81 views

CVE-2025-47175

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

7.8CVSS8AI score0.00583EPSS

CVE•added 2008/04/08 11:5 p.m.•80 views

CVE-2008-1089

Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."

9.3CVSS7.3AI score0.5085EPSS

CVE•added 2008/04/08 11:5 p.m.•80 views

CVE-2008-1090

Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."

9.3CVSS7.3AI score0.59441EPSS

CVE•added 2009/08/12 5:30 p.m.•80 views

CVE-2009-1534

Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web ...

9.3CVSS7.8AI score0.7543EPSS

Web

CVE•added 2013/07/10 3:46 a.m.•80 views

CVE-2013-3129

Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8,...

9.3CVSS7.3AI score0.44189EPSS

CVE•added 2016/08/09 9:59 p.m.•80 views

CVE-2016-3318

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted file, aka "Graphics Component Memory Corruption Vulnerability."

9.3CVSS7.8AI score0.30017EPSS

CVE•added 2016/12/20 6:59 a.m.•80 views

CVE-2016-7291

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (ou...

7.1CVSS6.5AI score0.09192EPSS

CVE•added 2017/07/11 9:29 p.m.•80 views

CVE-2017-8501

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502.

9.3CVSS7.8AI score0.29765EPSS

CVE•added 2018/11/14 1:29 a.m.•80 views

CVE-2018-8524

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522,...

9.3CVSS8.3AI score0.17102EPSS

CVE•added 2024/12/12 2:4 a.m.•80 views

CVE-2024-49059

Microsoft Office Elevation of Privilege Vulnerability

7CVSS6.9AI score0.00125EPSS

CVE•added 2008/01/16 11:0 p.m.•79 views

CVE-2008-0081

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.

9.8CVSS9.6AI score0.81775EPSS

CVE•added 2010/06/08 8:30 p.m.•79 views

CVE-2010-0821

Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; a...

9.3CVSS7.5AI score0.61401EPSS

CVE•added 2016/03/09 11:59 a.m.•79 views

CVE-2016-0134

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Web Apps Server 2...

9.3CVSS7.7AI score0.38562EPSS

CVE•added 2017/06/15 1:29 a.m.•79 views

CVE-2017-8531

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows improper disclosure of memory co...

6.5CVSS5.1AI score0.24455EPSS

CVE•added 2018/01/10 1:29 a.m.•79 views

CVE-2018-0805

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is u...

9.3CVSS8.3AI score0.29711EPSS

CVE•added 2019/03/06 12:0 a.m.•79 views

CVE-2019-0675

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0672, CVE-2019-0673, CVE-...

9.3CVSS7.9AI score0.31336EPSS

CVE•added 2020/11/11 7:15 a.m.•79 views

CVE-2020-17063

Microsoft Office Online Spoofing Vulnerability

6.8CVSS6.5AI score0.01601EPSS

CVE•added 2025/04/08 6:16 p.m.•79 views

CVE-2025-29816

Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.

7.5CVSS7.1AI score0.0002EPSS

CVE•added 2025/06/10 5:24 p.m.•79 views

CVE-2025-47953

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

8.4CVSS8.8AI score0.0007EPSS

CVE•added 2017/03/17 12:59 a.m.•78 views

CVE-2017-0105

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office docume...

5.5CVSS5.5AI score0.36469EPSS

CVE•added 2017/06/15 1:29 a.m.•78 views

CVE-2017-8532

6.5CVSS5.1AI score0.24455EPSS

CVE•added 2018/05/09 7:29 p.m.•78 views

CVE-2018-8157

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-8158, CVE-2018-8161.

9.3CVSS7.7AI score0.30512EPSS

CVE•added 2024/09/10 5:15 p.m.•78 views

CVE-2024-38250

Windows Graphics Component Elevation of Privilege Vulnerability

7.8CVSS8.6AI score0.00694EPSS

CVE•added 2025/02/11 6:15 p.m.•78 views

CVE-2025-21392

Microsoft Office Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00169EPSS

CVE•added 2025/01/14 6:16 p.m.•78 views

CVE-2025-21402

Microsoft Office OneNote Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00149EPSS

CVE•added 2009/11/11 7:30 p.m.•77 views

CVE-2009-3127

Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memor...

9.3CVSS7.3AI score0.60932EPSS

CVE•added 2011/04/13 6:55 p.m.•77 views

CVE-2011-0098

Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrar...

9.3CVSS7.6AI score0.63606EPSS

CVE•added 2015/05/13 10:59 a.m.•77 views

CVE-2015-1682

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word...

9.3CVSS7.4AI score0.28203EPSS

CVE•added 2016/02/10 11:59 a.m.•77 views

CVE-2016-0052

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 ...

9.3CVSS7.7AI score0.21675EPSS

CVE•added 2016/12/20 6:59 a.m.•77 views

CVE-2016-7268

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial o...

7.1CVSS6.7AI score0.09192EPSS

CVE•added 2017/06/15 1:29 a.m.•77 views

CVE-2017-0286

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CV...

5CVSS5.1AI score0.24455EPSS

CVE•added 2018/01/22 11:29 p.m.•77 views

CVE-2018-0862

9.3CVSS8.3AI score0.30408EPSS

CVE•added 2018/05/09 7:29 p.m.•77 views

CVE-2018-8158

9.3CVSS7.7AI score0.30512EPSS

CVE•added 2019/08/14 9:15 p.m.•77 views

CVE-2019-1199

A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative ...

9.3CVSS7.9AI score0.08996EPSS

CVE•added 2021/12/15 3:15 p.m.•77 views

CVE-2021-42295

Visual Basic for Applications Information Disclosure Vulnerability

5.5CVSS5.5AI score0.03195EPSS

CVE•added 2021/12/15 3:15 p.m.•77 views

CVE-2021-43255

Microsoft Office Trust Center Spoofing Vulnerability

5.5CVSS5.6AI score0.01249EPSS

CVE•added 2025/04/08 6:15 p.m.•77 views

CVE-2025-26687

Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.

7.5CVSS7.5AI score0.00049EPSS

CVE•added 2016/11/10 6:59 a.m.•76 views

CVE-2016-7234

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web A...

9.3CVSS7.7AI score0.38399EPSS

CVE•added 2018/01/10 1:29 a.m.•76 views

CVE-2018-0801

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".

9.3CVSS8.8AI score0.29711EPSS

Total number of security vulnerabilities950