Lucene search

K
MicrosoftOffice

950 matches found

CVE
CVE
added 2016/02/10 11:59 a.m.49 views

CVE-2016-0055

Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.7AI score0.30333EPSS
CVE
CVE
added 2025/05/13 5:16 p.m.49 views

CVE-2025-30381

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS7.6AI score0.00139EPSS
CVE
CVE
added 2007/01/09 11:0 p.m.48 views

CVE-2006-1305

Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.

4.3CVSS6.6AI score0.51832EPSS
CVE
CVE
added 2006/10/10 10:7 p.m.48 views

CVE-2006-3647

Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE...

9.3CVSS7.6AI score0.59337EPSS
CVE
CVE
added 2007/07/10 10:30 p.m.48 views

CVE-2007-1756

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".

9.3CVSS7.3AI score0.67687EPSS
CVE
CVE
added 2008/03/11 11:44 p.m.48 views

CVE-2008-0111

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."

9.3CVSS9.7AI score0.69696EPSS
CVE
CVE
added 2008/08/13 12:41 a.m.48 views

CVE-2008-1455

A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted li...

6.8CVSS7.4AI score0.63798EPSS
CVE
CVE
added 2008/04/21 5:5 p.m.48 views

CVE-2008-1898

A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper...

9.3CVSS7.6AI score0.79812EPSS
Web
CVE
CVE
added 2008/10/15 12:12 a.m.48 views

CVE-2008-4020

Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download...

4.3CVSS5.4AI score0.31298EPSS
Web
CVE
CVE
added 2008/12/10 2:0 p.m.48 views

CVE-2008-4030

Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control word...

9.3CVSS7.3AI score0.69893EPSS
CVE
CVE
added 2008/12/10 2:0 p.m.48 views

CVE-2008-4265

Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."

9.3CVSS7.3AI score0.6248EPSS
CVE
CVE
added 2009/06/10 6:30 p.m.48 views

CVE-2009-0559

Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."

9.3CVSS7.9AI score0.60265EPSS
CVE
CVE
added 2013/09/11 2:3 p.m.48 views

CVE-2013-3160

Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, and Word Viewer allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "XML External ...

5CVSS6.5AI score0.28558EPSS
CVE
CVE
added 2016/11/10 6:59 a.m.48 views

CVE-2016-7244

Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."

5.5CVSS5.8AI score0.2421EPSS
CVE
CVE
added 2025/07/08 5:15 p.m.48 views

CVE-2025-49697

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

8.4CVSS7.3AI score0.00066EPSS
CVE
CVE
added 2006/03/14 11:2 p.m.47 views

CVE-2006-0009

Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in a...

5.1CVSS7.4AI score0.62227EPSS
CVE
CVE
added 2006/07/11 9:5 p.m.47 views

CVE-2006-1316

Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Pars...

9.3CVSS7.2AI score0.74233EPSS
CVE
CVE
added 2008/08/12 11:41 p.m.47 views

CVE-2008-3021

Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a d...

9.3CVSS7.2AI score0.67964EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.47 views

CVE-2010-3949

Buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Buffer Overflow Vulnerability."

9.3CVSS7.8AI score0.62128EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.47 views

CVE-2010-3951

Buffer overflow in the FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Buffer Overflow Vulnerability."

9.3CVSS7.7AI score0.62128EPSS
CVE
CVE
added 2015/02/11 2:59 a.m.47 views

CVE-2014-6362

Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, and 2013 Gold and SP1 allows remote attackers to bypass the ASLR protection mechanism via a crafted document, aka "Microsoft Office Component Use After Free Vulnerability."

4.3CVSS6.5AI score0.32345EPSS
CVE
CVE
added 2025/08/12 6:15 p.m.47 views

CVE-2025-53766

Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.

9.8CVSS8AI score0.00143EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.46 views

CVE-1999-1259

Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.

2.1CVSS6.7AI score0.01934EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.46 views

CVE-2002-0615

The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".

7.5CVSS6.2AI score0.11402EPSS
CVE
CVE
added 2004/09/28 4:0 a.m.46 views

CVE-2004-0573

Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.

7.5CVSS7.8AI score0.40534EPSS
CVE
CVE
added 2006/03/14 11:2 p.m.46 views

CVE-2006-0028

Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid...

5.1CVSS7.1AI score0.51677EPSS
CVE
CVE
added 2008/02/12 11:0 p.m.46 views

CVE-2007-0216

wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."

9.3CVSS7.4AI score0.71265EPSS
CVE
CVE
added 2007/03/03 7:19 p.m.46 views

CVE-2007-1238

Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.

4.3CVSS6.5AI score0.1732EPSS
CVE
CVE
added 2008/03/11 11:44 p.m.46 views

CVE-2008-0116

Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."

9.3CVSS9.7AI score0.74375EPSS
CVE
CVE
added 2008/08/12 11:41 p.m.46 views

CVE-2008-3019

Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability."

9.3CVSS7.3AI score0.54114EPSS
CVE
CVE
added 2010/10/13 7:0 p.m.46 views

CVE-2010-2748

Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."

9.3CVSS7.6AI score0.54346EPSS
CVE
CVE
added 2014/04/05 2:55 p.m.46 views

CVE-2014-2730

The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013, and Office for Mac 2011, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption and persistent application hang) via a crafted XML document co...

5CVSS6.8AI score0.09293EPSS
CVE
CVE
added 2025/07/08 5:15 p.m.46 views

CVE-2025-49705

Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

7.8CVSS7.3AI score0.00079EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.45 views

CVE-2002-0618

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".

7.5CVSS7AI score0.17276EPSS
CVE
CVE
added 2006/02/14 8:2 p.m.45 views

CVE-2006-0004

Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).

5CVSS6AI score0.51955EPSS
CVE
CVE
added 2006/03/14 11:2 p.m.45 views

CVE-2006-0029

Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.

5.1CVSS7.2AI score0.40426EPSS
CVE
CVE
added 2006/07/10 10:5 p.m.45 views

CVE-2006-3493

Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NO...

5.1CVSS7.5AI score0.57694EPSS
CVE
CVE
added 2007/06/19 10:30 p.m.45 views

CVE-2007-3282

Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method.

7.8CVSS7.9AI score0.46593EPSS
CVE
CVE
added 2010/03/10 10:30 p.m.45 views

CVE-2010-0261

Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records,"...

9.3CVSS7.9AI score0.65469EPSS
CVE
CVE
added 2013/12/11 12:55 a.m.45 views

CVE-2013-5057

hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet Explorer, as exploited in the wild in December 20...

4.3CVSS7.4AI score0.14803EPSS
CVE
CVE
added 2006/07/11 9:5 p.m.44 views

CVE-2006-0033

Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.

9.3CVSS7.4AI score0.45773EPSS
CVE
CVE
added 2008/03/11 11:44 p.m.44 views

CVE-2008-0112

Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."

9.3CVSS9.5AI score0.71916EPSS
CVE
CVE
added 2010/10/13 7:0 p.m.44 views

CVE-2010-3231

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."

9.3CVSS7.6AI score0.60735EPSS
CVE
CVE
added 2013/12/11 12:55 a.m.44 views

CVE-2013-5054

Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerability."

4.3CVSS6.7AI score0.11415EPSS
CVE
CVE
added 2025/07/08 5:15 p.m.44 views

CVE-2025-49698

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

7.8CVSS7.3AI score0.00079EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.43 views

CVE-2001-0003

Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulner...

5CVSS7AI score0.16137EPSS
CVE
CVE
added 2007/05/30 10:30 a.m.43 views

CVE-2007-2903

Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses ...

5CVSS6.9AI score0.42085EPSS
CVE
CVE
added 2008/02/12 11:0 p.m.43 views

CVE-2008-0104

Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.4845EPSS
CVE
CVE
added 2008/09/11 1:11 a.m.43 views

CVE-2008-3007

Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnera...

9.3CVSS7.5AI score0.61776EPSS
Web
CVE
CVE
added 2011/06/16 8:55 p.m.43 views

CVE-2011-1278

Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."

9.3CVSS7.7AI score0.50077EPSS
Total number of security vulnerabilities950