Office Security Vulnerabilities and Issues — Page 16 of Office CVE List

Lucene search

MicrosoftOffice

953 matches found

CVE•added 2011/04/13 6:55 p.m.•57 views

CVE-2011-0103

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerabili...

9.3CVSS7.7AI score0.68014EPSS

CVE•added 2009/11/11 8:30 p.m.•56 views

CVE-2009-3133

Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing...

9.3CVSS7.4AI score0.56564EPSS

CVE•added 2010/08/11 6:47 p.m.•56 views

CVE-2010-2562

Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka ...

9.3CVSS7.7AI score0.56148EPSS

CVE•added 2011/04/13 6:55 p.m.•56 views

CVE-2011-0656

Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not pro...

9.3CVSS7.8AI score0.5776EPSS

Web

CVE•added 2011/09/15 12:26 p.m.•56 views

CVE-2011-1982

Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."

9.3CVSS7.5AI score0.58519EPSS

CVE•added 2015/03/11 10:59 a.m.•56 views

CVE-2015-0086

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold and SP1, Word 2013 RT Gold and SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2,...

9.3CVSS7.6AI score0.27375EPSS

CVE•added 2015/05/13 10:59 a.m.•56 views

CVE-2015-1683

Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.4AI score0.37547EPSS

CVE•added 2015/07/14 9:59 p.m.•56 views

CVE-2015-2380

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, and Word 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.8AI score0.31321EPSS

CVE•added 2003/04/02 5:0 a.m.•55 views

CVE-2002-0619

The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).

7.5CVSS6.8AI score0.19687EPSS

CVE•added 2006/09/12 11:7 p.m.•55 views

CVE-2006-0001

Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.

9.3CVSS7.8AI score0.73182EPSS

CVE•added 2006/03/14 11:2 p.m.•55 views

CVE-2006-0030

Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.

5.1CVSS7.2AI score0.5975EPSS

CVE•added 2006/03/14 11:2 p.m.•55 views

CVE-2006-0031

Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.

5.1CVSS7.6AI score0.56259EPSS

CVE•added 2006/12/14 6:28 p.m.•55 views

CVE-2006-6561

Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-64...

9.3CVSS7.1AI score0.71018EPSS

CVE•added 2008/03/11 11:44 p.m.•55 views

CVE-2008-0118

Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Off...

9.3CVSS9.5AI score0.75862EPSS

CVE•added 2010/03/10 10:30 p.m.•55 views

CVE-2010-0258

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file fo...

9.3CVSS7.7AI score0.7144EPSS

CVE•added 2010/08/11 6:47 p.m.•55 views

CVE-2010-1900

Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word...

9.3CVSS7.6AI score0.43664EPSS

CVE•added 2010/10/13 7:0 p.m.•55 views

CVE-2010-3216

Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."

9.3CVSS7.5AI score0.57317EPSS

CVE•added 2011/09/15 12:26 p.m.•55 views

CVE-2011-1989

Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2...

9.3CVSS7.5AI score0.59677EPSS

CVE•added 2015/08/15 12:59 a.m.•55 views

CVE-2015-2469

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office for Mac 2011 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.66829EPSS

CVE•added 2015/12/09 11:59 a.m.•55 views

CVE-2015-6124

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.37547EPSS

CVE•added 2016/12/20 6:59 a.m.•55 views

CVE-2016-7277

Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.6CVSS8.7AI score0.0477EPSS

CVE•added 2018/09/13 12:29 a.m.•55 views

CVE-2018-8331

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office.

9.3CVSS8.1AI score0.19457EPSS

CVE•added 2007/01/09 11:28 p.m.•54 views

CVE-2007-0031

Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.

9.3CVSS7.7AI score0.75763EPSS

CVE•added 2007/05/08 10:19 p.m.•54 views

CVE-2007-0035

Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."

9.3CVSS7.1AI score0.5863EPSS

CVE•added 2008/08/12 11:41 p.m.•54 views

CVE-2008-3020

Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability."

9.3CVSS7.3AI score0.54114EPSS

CVE•added 2010/06/08 8:30 p.m.•54 views

CVE-2010-0823

Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; a...

9.3CVSS7.4AI score0.64885EPSS

CVE•added 2010/06/08 8:30 p.m.•54 views

CVE-2010-1251

Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."

9.3CVSS7.5AI score0.57317EPSS

CVE•added 2010/06/08 8:30 p.m.•54 views

CVE-2010-1252

Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."

9.3CVSS7.5AI score0.57317EPSS

CVE•added 2010/08/11 6:47 p.m.•54 views

CVE-2010-1902

Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbit...

9.3CVSS7.9AI score0.58304EPSS

CVE•added 2010/11/10 3:0 a.m.•54 views

CVE-2010-3337

Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.

9.3CVSS6.2AI score0.46382EPSS

CVE•added 2010/12/16 7:33 p.m.•54 views

CVE-2010-3952

The FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Heap Co...

9.3CVSS7.7AI score0.61042EPSS

CVE•added 2013/11/13 12:55 a.m.•54 views

CVE-2013-0082

Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "WPD File Format Memory Corruption Vulnerability."

9.3CVSS7.6AI score0.52417EPSS

CVE•added 2014/05/14 11:13 a.m.•54 views

CVE-2014-1756

Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1, when the Simplified Chinese Proofing Tool is enabled, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory...

9.3CVSS8.2AI score0.20081EPSS

CVE•added 2015/02/11 3:1 a.m.•54 views

CVE-2015-0063

Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Excel ...

9.3CVSS8.1AI score0.3411EPSS

CVE•added 2015/08/15 12:59 a.m.•54 views

CVE-2015-2477

Microsoft Office 2007 SP3, Office for Mac 2011, Office for Mac 2016, and Word Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.37547EPSS

CVE•added 2018/05/23 1:29 p.m.•54 views

CVE-2018-8176

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office.

9.3CVSS9AI score0.30898EPSS

CVE•added 2024/11/12 6:15 p.m.•54 views

CVE-2024-49027

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00689EPSS

CVE•added 2025/06/10 5:23 p.m.•54 views

CVE-2025-47173

Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS7.7AI score0.00068EPSS

CVE•added 2006/10/10 9:7 p.m.•53 views

CVE-2006-3876

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.

9.3CVSS7AI score0.55161EPSS

CVE•added 2006/09/27 7:7 p.m.•53 views

CVE-2006-4694

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.P...

9.3CVSS7AI score0.46461EPSS

CVE•added 2007/01/09 11:28 p.m.•53 views

CVE-2007-0029

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."

9.3CVSS7.6AI score0.55891EPSS

CVE•added 2007/02/13 9:28 p.m.•53 views

CVE-2007-0209

Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.

9.3CVSS7.5AI score0.53741EPSS

CVE•added 2007/05/09 6:0 p.m.•53 views

CVE-2007-0215

Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.

7.6CVSS7.6AI score0.60151EPSS

CVE•added 2008/02/12 11:0 p.m.•53 views

CVE-2008-0108

Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulner...

9.3CVSS7.6AI score0.75419EPSS

CVE•added 2009/06/10 6:30 p.m.•53 views

CVE-2009-0560

Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility ...

9.3CVSS7.5AI score0.6682EPSS

CVE•added 2010/11/10 3:0 a.m.•53 views

CVE-2010-3334

Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp...

9.3CVSS7.6AI score0.65803EPSS

CVE•added 2010/12/16 7:33 p.m.•53 views

CVE-2010-3946

Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."

9.3CVSS7.7AI score0.66914EPSS

CVE•added 2010/12/16 7:33 p.m.•53 views

CVE-2010-3950

The TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 does not properly convert data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image in an Office document, ak...

9.3CVSS7.6AI score0.61042EPSS

CVE•added 2011/04/13 6:55 p.m.•53 views

CVE-2011-0041

Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."

9.3CVSS7.6AI score0.70319EPSS

CVE•added 2011/06/16 8:55 p.m.•53 views

CVE-2011-1276

Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code or cause...

9.3CVSS9.5AI score0.56693EPSS

Total number of security vulnerabilities953