Lucene search

K
MicrosoftOffice

950 matches found

CVE
CVE
added 2025/05/13 5:15 p.m.53 views

CVE-2025-29979

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS8.1AI score0.00139EPSS
CVE
CVE
added 2025/05/13 5:15 p.m.53 views

CVE-2025-30375

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS7.5AI score0.00271EPSS
CVE
CVE
added 2025/05/13 5:16 p.m.53 views

CVE-2025-30376

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS8AI score0.00139EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.52 views

CVE-2000-0419

The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.

7.5CVSS6.7AI score0.10948EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.52 views

CVE-2000-0854

When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.

10CVSS7.7AI score0.37307EPSS
CVE
CVE
added 2006/07/11 9:5 p.m.52 views

CVE-2006-0007

Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.

9.3CVSS7.3AI score0.59658EPSS
CVE
CVE
added 2006/10/10 10:7 p.m.52 views

CVE-2006-3651

Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.

9.3CVSS7.2AI score0.59337EPSS
CVE
CVE
added 2008/02/12 11:0 p.m.52 views

CVE-2007-0065

Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.

10CVSS7.7AI score0.58404EPSS
CVE
CVE
added 2008/03/11 11:44 p.m.52 views

CVE-2007-1201

Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."

9.3CVSS7.3AI score0.45718EPSS
CVE
CVE
added 2007/08/14 9:17 p.m.52 views

CVE-2007-3890

Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.

9.3CVSS7.4AI score0.58977EPSS
CVE
CVE
added 2008/03/11 11:44 p.m.52 views

CVE-2008-0115

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."

9.3CVSS9.7AI score0.71916EPSS
Web
CVE
CVE
added 2009/06/10 6:30 p.m.52 views

CVE-2009-0549

Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Rec...

9.3CVSS7.5AI score0.59146EPSS
CVE
CVE
added 2010/10/13 7:0 p.m.52 views

CVE-2010-3221

Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."

9.3CVSS7.5AI score0.54346EPSS
CVE
CVE
added 2011/06/16 8:55 p.m.52 views

CVE-2011-1277

Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsh...

9.3CVSS7.7AI score0.50198EPSS
CVE
CVE
added 2012/10/25 10:51 a.m.52 views

CVE-2012-5672

Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.

4.3CVSS6.7AI score0.17398EPSS
CVE
CVE
added 2014/12/11 12:59 a.m.52 views

CVE-2014-6364

Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; 2013 Gold, SP1, and SP2; and 2013 RT Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."

9.3CVSS8.7AI score0.31739EPSS
CVE
CVE
added 2016/09/14 10:59 a.m.52 views

CVE-2016-0137

The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass."

4.3CVSS4.9AI score0.06542EPSS
CVE
CVE
added 2025/07/08 5:15 p.m.52 views

CVE-2025-49702

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS6.9AI score0.00149EPSS
CVE
CVE
added 2006/10/10 10:7 p.m.51 views

CVE-2006-3868

Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.

5.1CVSS7.3AI score0.54494EPSS
CVE
CVE
added 2008/07/07 11:41 p.m.51 views

CVE-2008-3068

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to o...

7.5CVSS6.7AI score0.12634EPSS
CVE
CVE
added 2009/06/10 6:30 p.m.51 views

CVE-2009-1134

Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka "...

9.3CVSS7.4AI score0.53077EPSS
CVE
CVE
added 2011/04/13 6:55 p.m.51 views

CVE-2011-0107

Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loadi...

9.3CVSS6.3AI score0.51718EPSS
CVE
CVE
added 2011/09/15 12:26 p.m.51 views

CVE-2011-1980

Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulner...

9.3CVSS6.3AI score0.59723EPSS
CVE
CVE
added 2011/09/15 12:26 p.m.51 views

CVE-2011-1990

Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attacke...

9.3CVSS7.5AI score0.58631EPSS
CVE
CVE
added 2025/05/13 5:16 p.m.51 views

CVE-2025-30379

Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS7.5AI score0.00139EPSS
CVE
CVE
added 2006/10/10 10:7 p.m.50 views

CVE-2006-4693

Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.

9.3CVSS7.4AI score0.59337EPSS
CVE
CVE
added 2007/01/09 11:28 p.m.50 views

CVE-2007-0028

Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an ear...

9.3CVSS7.4AI score
CVE
CVE
added 2007/01/09 11:28 p.m.50 views

CVE-2007-0030

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.

9.3CVSS7.4AI score0.58991EPSS
CVE
CVE
added 2007/01/09 11:28 p.m.50 views

CVE-2007-0033

Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.

9.3CVSS7.4AI score0.60312EPSS
CVE
CVE
added 2008/02/12 11:0 p.m.50 views

CVE-2008-0109

Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.

9.3CVSS7.3AI score0.5578EPSS
CVE
CVE
added 2008/03/11 11:44 p.m.50 views

CVE-2008-0117

Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."

9.3CVSS9.6AI score0.7417EPSS
CVE
CVE
added 2008/08/12 11:41 p.m.50 views

CVE-2008-3460

WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulner...

9.3CVSS7.3AI score0.60485EPSS
CVE
CVE
added 2010/10/13 7:0 p.m.50 views

CVE-2010-3238

Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."

9.3CVSS7.6AI score0.56267EPSS
CVE
CVE
added 2011/06/16 8:55 p.m.50 views

CVE-2011-1279

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) ...

9.3CVSS7.7AI score0.43527EPSS
CVE
CVE
added 2011/09/15 12:26 p.m.50 views

CVE-2011-1987

Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPo...

9.3CVSS7.5AI score0.58631EPSS
CVE
CVE
added 2025/05/13 5:15 p.m.50 views

CVE-2025-29977

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS8.2AI score0.00139EPSS
CVE
CVE
added 2025/06/10 5:23 p.m.50 views

CVE-2025-47171

Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.

6.7CVSS6.6AI score0.01905EPSS
CVE
CVE
added 2000/03/22 5:0 a.m.49 views

CVE-2000-0088

Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.

7.2CVSS7.5AI score0.00513EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.49 views

CVE-2002-0616

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."

5.1CVSS7.2AI score0.10819EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.49 views

CVE-2002-1716

The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability.

5CVSS7.1AI score0.17162EPSS
CVE
CVE
added 2006/02/14 7:6 p.m.49 views

CVE-2006-0008

The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, whi...

7.2CVSS6.4AI score0.00786EPSS
CVE
CVE
added 2007/02/13 8:28 p.m.49 views

CVE-2006-1311

The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF...

9.3CVSS7.4AI score0.70366EPSS
CVE
CVE
added 2007/07/10 10:30 p.m.49 views

CVE-2007-3029

Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.

9.3CVSS7.5AI score0.60754EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.49 views

CVE-2009-1533

Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer...

9.3CVSS7.8AI score0.73508EPSS
CVE
CVE
added 2010/10/13 7:0 p.m.49 views

CVE-2010-3215

Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."

9.3CVSS7.5AI score0.56564EPSS
CVE
CVE
added 2010/10/13 7:0 p.m.49 views

CVE-2010-3236

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."

9.3CVSS7.6AI score0.56267EPSS
CVE
CVE
added 2010/10/13 7:0 p.m.49 views

CVE-2010-3241

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability....

9.3CVSS7.6AI score0.50897EPSS
CVE
CVE
added 2010/10/13 7:0 p.m.49 views

CVE-2010-3242

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."

9.3CVSS7.5AI score0.572EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.49 views

CVE-2010-3945

Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."

9.3CVSS7.7AI score0.62128EPSS
CVE
CVE
added 2015/12/09 11:59 a.m.49 views

CVE-2015-6118

Microsoft Office 2007 SP3 and Office 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.6AI score0.34302EPSS
Total number of security vulnerabilities950