Office Security Vulnerabilities and Issues — Page 11 of Office CVE List

Lucene search

MicrosoftOffice

938 matches found

CVE•added 2024/09/10 5:15 p.m.•81 views

CVE-2024-43465

Microsoft Excel Elevation of Privilege Vulnerability

7.8CVSS7.6AI score0.00634EPSS

CVE•added 2015/09/09 12:59 a.m.•80 views

CVE-2015-2510

Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a craft...

9.3CVSS7.7AI score0.72229EPSS

CVE•added 2015/11/11 12:59 p.m.•80 views

CVE-2015-6091

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.28216EPSS

CVE•added 2017/06/15 1:29 a.m.•80 views

CVE-2017-0287

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This ...

5CVSS5.1AI score0.24455EPSS

CVE•added 2018/03/14 5:29 p.m.•80 views

CVE-2018-0907

Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac allow a security feature bypass vulnerability due to how macro settings are enforced, aka "Microsoft Office Excel Security Feature...

7.8CVSS7.5AI score0.1164EPSS

CVE•added 2021/03/11 4:15 p.m.•80 views

CVE-2021-27054

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.0356EPSS

CVE•added 2021/03/11 4:15 p.m.•80 views

CVE-2021-27055

Microsoft Visio Security Feature Bypass Vulnerability

7CVSS6.6AI score0.00411EPSS

CVE•added 2021/09/15 12:15 p.m.•80 views

CVE-2021-38654

Microsoft Office Visio Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.08194EPSS

CVE•added 2022/12/13 7:15 p.m.•80 views

CVE-2022-44694

Microsoft Office Visio Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00303EPSS

CVE•added 2022/12/13 7:15 p.m.•80 views

CVE-2022-44696

Microsoft Office Visio Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00392EPSS

CVE•added 2022/12/13 7:15 p.m.•80 views

CVE-2022-44713

Microsoft Outlook for Mac Spoofing Vulnerability

7.5CVSS7.5AI score0.02318EPSS

CVE•added 2024/10/08 6:15 p.m.•80 views

CVE-2024-43505

Microsoft Office Visio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00883EPSS

CVE•added 2024/11/12 6:15 p.m.•80 views

CVE-2024-49028

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00492EPSS

CVE•added 2025/06/10 5:23 p.m.•80 views

CVE-2025-47162

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

8.4CVSS8.6AI score0.00063EPSS

CVE•added 2008/04/08 11:5 p.m.•79 views

CVE-2008-1089

Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."

9.3CVSS7.3AI score0.5085EPSS

CVE•added 2009/08/12 5:30 p.m.•79 views

CVE-2009-1534

Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web ...

9.3CVSS7.8AI score0.7543EPSS

CVE•added 2011/04/13 6:55 p.m.•79 views

CVE-2011-0105

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Ini...

9.3CVSS7.8AI score0.89418EPSS

CVE•added 2016/04/12 11:59 p.m.•79 views

CVE-2016-0127

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server ...

9.3CVSS7.8AI score0.21675EPSS

CVE•added 2016/07/13 1:59 a.m.•79 views

CVE-2016-3282

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Shar...

9.3CVSS7.6AI score0.41944EPSS

CVE•added 2016/08/09 9:59 p.m.•79 views

CVE-2016-3318

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted file, aka "Graphics Component Memory Corruption Vulnerability."

9.3CVSS7.8AI score0.31597EPSS

CVE•added 2017/07/11 9:29 p.m.•79 views

CVE-2017-8501

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502.

9.3CVSS7.8AI score0.29765EPSS

CVE•added 2018/11/14 1:29 a.m.•79 views

CVE-2018-8524

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522,...

9.3CVSS8.3AI score0.17365EPSS

CVE•added 2021/12/15 3:15 p.m.•79 views

CVE-2021-42293

Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability

6.5CVSS6.6AI score0.01728EPSS

CVE•added 2024/12/12 2:4 a.m.•79 views

CVE-2024-49065

Microsoft Office Remote Code Execution Vulnerability

5.5CVSS5.9AI score0.00187EPSS

CVE•added 2008/01/16 11:0 p.m.•78 views

CVE-2008-0081

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.

9.8CVSS9.6AI score0.81775EPSS

CVE•added 2008/04/08 11:5 p.m.•78 views

CVE-2008-1090

Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."

9.3CVSS7.3AI score0.59441EPSS

CVE•added 2015/08/15 12:59 a.m.•78 views

CVE-2015-2431

Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library (OGL) font, aka "Microsoft Office Graphics Component Remote Code Execution ...

9.3CVSS8AI score0.62132EPSS

CVE•added 2016/11/10 6:59 a.m.•78 views

CVE-2016-7233

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or ...

6.5CVSS6.3AI score0.13703EPSS

CVE•added 2016/12/20 6:59 a.m.•78 views

CVE-2016-7291

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (ou...

7.1CVSS6.5AI score0.09192EPSS

CVE•added 2017/06/15 1:29 a.m.•78 views

CVE-2017-8531

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows improper disclosure of memory co...

6.5CVSS5.1AI score0.24455EPSS

CVE•added 2018/01/10 1:29 a.m.•78 views

CVE-2018-0805

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is u...

9.3CVSS8.3AI score0.29711EPSS

CVE•added 2019/03/06 12:0 a.m.•78 views

CVE-2019-0675

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0672, CVE-2019-0673, CVE-...

9.3CVSS7.9AI score0.31336EPSS

CVE•added 2020/11/11 7:15 a.m.•78 views

CVE-2020-17063

Microsoft Office Online Spoofing Vulnerability

6.8CVSS6.5AI score0.0071EPSS

CVE•added 2024/12/12 2:4 a.m.•78 views

CVE-2024-49059

Microsoft Office Elevation of Privilege Vulnerability

7CVSS6.9AI score0.00104EPSS

CVE•added 2010/06/08 8:30 p.m.•77 views

CVE-2010-0821

Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; a...

9.3CVSS7.5AI score0.61401EPSS

CVE•added 2013/07/10 3:46 a.m.•77 views

CVE-2013-3129

Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8,...

9.3CVSS7.3AI score0.44189EPSS

CVE•added 2016/03/09 11:59 a.m.•77 views

CVE-2016-0134

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Web Apps Server 2...

9.3CVSS7.7AI score0.38562EPSS

CVE•added 2017/06/15 1:29 a.m.•77 views

CVE-2017-8532

6.5CVSS5.1AI score0.24455EPSS

CVE•added 2018/05/09 7:29 p.m.•77 views

CVE-2018-8157

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-8158, CVE-2018-8161.

9.3CVSS7.7AI score0.24873EPSS

CVE•added 2024/09/10 5:15 p.m.•77 views

CVE-2024-38250

Windows Graphics Component Elevation of Privilege Vulnerability

7.8CVSS8.6AI score0.00588EPSS

CVE•added 2025/02/11 6:15 p.m.•77 views

CVE-2025-21392

Microsoft Office Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.0015EPSS

CVE•added 2015/05/13 10:59 a.m.•76 views

CVE-2015-1682

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word...

9.3CVSS7.4AI score0.28203EPSS

CVE•added 2017/03/17 12:59 a.m.•76 views

CVE-2017-0105

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office docume...

5.5CVSS5.5AI score0.36469EPSS

CVE•added 2017/06/15 1:29 a.m.•76 views

CVE-2017-0286

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CV...

5CVSS5.1AI score0.24455EPSS

CVE•added 2018/01/22 11:29 p.m.•76 views

CVE-2018-0862

9.3CVSS8.3AI score0.31434EPSS

CVE•added 2018/05/09 7:29 p.m.•76 views

CVE-2018-8158

9.3CVSS7.7AI score0.24873EPSS

CVE•added 2019/08/14 9:15 p.m.•76 views

CVE-2019-1199

A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative ...

9.3CVSS7.9AI score0.08996EPSS

CVE•added 2021/12/15 3:15 p.m.•76 views

CVE-2021-42295

Visual Basic for Applications Information Disclosure Vulnerability

5.5CVSS5.5AI score0.03195EPSS

CVE•added 2021/12/15 3:15 p.m.•76 views

CVE-2021-43255

Microsoft Office Trust Center Spoofing Vulnerability

5.5CVSS5.6AI score0.01249EPSS

CVE•added 2025/04/08 6:16 p.m.•76 views

CVE-2025-29816

Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.