Office Security Vulnerabilities and Issues — Page 13 of Office CVE List

Lucene search

MicrosoftOffice

938 matches found

CVE•added 2008/09/11 1:11 a.m.•70 views

CVE-2008-3015

Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and ...

9.3CVSS8AI score0.71538EPSS

CVE•added 2008/12/10 2:0 p.m.•70 views

CVE-2008-4025

Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format C...

9.3CVSS7.7AI score0.65689EPSS

CVE•added 2009/11/11 7:30 p.m.•70 views

CVE-2009-3128

Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."

9.3CVSS7.3AI score0.57317EPSS

CVE•added 2009/11/11 8:30 p.m.•70 views

CVE-2009-3132

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow rem...

9.3CVSS7.4AI score0.56564EPSS

CVE•added 2010/06/08 8:30 p.m.•70 views

CVE-2010-1248

Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."

9.3CVSS7.8AI score0.6225EPSS

CVE•added 2015/08/15 12:59 a.m.•70 views

CVE-2015-2470

Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Integer Underflow Vulnerability."

9.3CVSS7.5AI score0.64267EPSS

CVE•added 2018/03/14 5:29 p.m.•70 views

CVE-2018-0922

Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013...

9.3CVSS7.8AI score0.24243EPSS

CVE•added 2018/06/14 12:29 p.m.•70 views

CVE-2018-8248

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office.

9.3CVSS7.7AI score0.47358EPSS

CVE•added 2018/10/10 1:29 p.m.•70 views

CVE-2018-8504

A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Office 365 ProPlus, Microsoft Office, Microsoft Word.

9.3CVSS8.8AI score0.17221EPSS

CVE•added 2020/09/11 5:15 p.m.•70 views

CVE-2020-16855

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory.Exploitation of the vulnerab...

5.5CVSS5.3AI score0.19738EPSS

CVE•added 2025/03/11 5:16 p.m.•70 views

CVE-2025-24079

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

7.8CVSS8AI score0.00158EPSS

CVE•added 2004/11/03 5:0 a.m.•69 views

CVE-2004-0846

Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.

7.5CVSS7.5AI score0.51442EPSS

CVE•added 2005/02/08 5:0 a.m.•69 views

CVE-2004-0848

Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.

7.5CVSS7.8AI score0.42122EPSS

CVE•added 2008/08/12 11:41 p.m.•69 views

CVE-2008-3003

Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the ...

6.6CVSS5.7AI score0.00947EPSS

CVE•added 2010/06/08 8:30 p.m.•69 views

CVE-2010-1249

Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a diff...

9.3CVSS7.8AI score0.64885EPSS

CVE•added 2010/10/13 7:0 p.m.•69 views

CVE-2010-3232

Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute ar...

9.3CVSS7.6AI score0.572EPSS

CVE•added 2015/12/09 11:59 a.m.•69 views

CVE-2015-6172

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka "Microsoft Office RCE Vulnerability."

9.3CVSS7.5AI score0.32798EPSS

CVE•added 2016/12/20 6:59 a.m.•69 views

CVE-2016-7275

Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."

7.8CVSS7.4AI score0.00683EPSS

CVE•added 2018/02/15 2:29 a.m.•69 views

CVE-2018-0852

Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka "Microsoft Office Memory Corruption Vuln...

9.3CVSS8.7AI score0.34337EPSS

CVE•added 2018/06/14 12:29 p.m.•69 views

CVE-2018-8246

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.

5.5CVSS5AI score0.22636EPSS

CVE•added 2018/11/14 1:29 a.m.•69 views

CVE-2018-8579

An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558.

6.5CVSS6.2AI score0.08197EPSS

CVE•added 2024/09/10 5:15 p.m.•69 views

CVE-2024-43463

Microsoft Office Visio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00971EPSS

CVE•added 2008/10/15 12:12 a.m.•68 views

CVE-2008-4019

Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and S...

9.3CVSS7.5AI score0.59492EPSS

CVE•added 2008/12/10 2:0 p.m.•68 views

CVE-2008-4031

Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac all...

9.3CVSS7.4AI score0.59894EPSS

CVE•added 2008/12/10 2:0 p.m.•68 views

CVE-2008-4264

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote a...

9.3CVSS7.3AI score0.6248EPSS

CVE•added 2010/03/10 10:30 p.m.•68 views

CVE-2010-0257

Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."

9.3CVSS7.7AI score0.58322EPSS

CVE•added 2017/12/12 9:29 p.m.•68 views

CVE-2017-11934

Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability".

5.5CVSS5.2AI score0.12116EPSS

CVE•added 2018/09/13 12:29 a.m.•68 views

CVE-2018-8430

A remote code execution vulnerability exists in Microsoft Word if a user opens a specially crafted PDF file, aka "Word PDF Remote Code Execution Vulnerability." This affects Microsoft Word, Microsoft Office.

9.3CVSS7.9AI score0.16169EPSS

CVE•added 2018/10/10 1:29 p.m.•68 views

CVE-2018-8501

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Office 365 ProPlus, PowerPoint Viewer, Microsoft Office, Microsoft PowerPo...

9.3CVSS8.8AI score0.17221EPSS

CVE•added 2023/12/12 6:15 p.m.•68 views

CVE-2023-36009

Microsoft Word Information Disclosure Vulnerability

5.5CVSS5.4AI score0.0019EPSS

CVE•added 2025/01/14 6:16 p.m.•68 views

CVE-2025-21361

Microsoft Outlook Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00207EPSS

CVE•added 2009/02/25 4:30 p.m.•67 views

CVE-2009-0238

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a craft...

9.3CVSS7.4AI score0.58067EPSS

CVE•added 2010/02/10 6:30 p.m.•67 views

CVE-2010-0031

Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."

9.3CVSS7.4AI score0.57317EPSS

CVE•added 2010/03/10 10:30 p.m.•67 views

CVE-2010-0262

Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Unin...

9.3CVSS7.7AI score0.58326EPSS

CVE•added 2018/01/10 1:29 a.m.•67 views

CVE-2018-0819

Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing, due to how Outlook for Mac displays encoded email addresses, aka "Spoofing Vulnerability in Microsoft Office for Mac."

6.5CVSS7.1AI score0.07566EPSS

CVE•added 2018/04/12 1:29 a.m.•67 views

CVE-2018-1029

9.3CVSS7.7AI score0.28958EPSS

CVE•added 2018/04/12 1:29 a.m.•67 views

CVE-2018-1030

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-1026.

9.3CVSS8.3AI score0.35235EPSS

CVE•added 2018/08/15 5:29 p.m.•67 views

CVE-2018-8375

9.3CVSS7.8AI score0.15563EPSS

CVE•added 2025/02/11 6:15 p.m.•67 views

CVE-2025-21394

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00131EPSS

CVE•added 2025/03/11 5:16 p.m.•67 views

CVE-2025-24057

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.00302EPSS

CVE•added 2025/06/10 5:23 p.m.•67 views

CVE-2025-47164

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

8.4CVSS8.8AI score0.00063EPSS

CVE•added 2004/09/01 4:0 a.m.•66 views

CVE-2004-0121

Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.

7.5CVSS8.3AI score0.51468EPSS

CVE•added 2008/09/11 1:11 a.m.•66 views

CVE-2008-3012

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, S...

9.3CVSS7.7AI score0.70686EPSS

CVE•added 2011/02/10 7:0 p.m.•66 views

CVE-2011-0980

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."

9.3CVSS7.6AI score0.60147EPSS

CVE•added 2016/07/13 1:59 a.m.•66 views

CVE-2016-3280

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vuln...

9.3CVSS7.6AI score0.31597EPSS

CVE•added 2018/02/15 2:29 a.m.•66 views

CVE-2018-0853

Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure Vulnerability".

4.3CVSS3.6AI score0.11679EPSS

CVE•added 2018/03/14 5:29 p.m.•66 views

CVE-2018-0903

Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Access Remote Code Execution Vulnerability".

7.8CVSS8AI score0.23813EPSS

CVE•added 2022/10/11 7:15 p.m.•66 views

CVE-2022-38001

Microsoft Office Spoofing Vulnerability

6.5CVSS6.6AI score0.02309EPSS

CVE•added 2025/05/13 5:16 p.m.•66 views

CVE-2025-30386

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

8.4CVSS7.8AI score0.00063EPSS

CVE•added 2006/12/11 5:28 p.m.•65 views

CVE-2006-6456

Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.

9.3CVSS6.7AI score0.62818EPSS

Total number of security vulnerabilities938