Office Security Vulnerabilities and Issues — Page 4 of Office CVE List

Lucene search

MicrosoftOffice

938 matches found

CVE•added 2023/01/10 10:15 p.m.•146 views

CVE-2023-21737

Microsoft Office Visio Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00939EPSS

CVE•added 2016/06/16 1:59 a.m.•145 views

CVE-2016-0025

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Offi...

9.3CVSS7.2AI score0.2879EPSS

CVE•added 2021/04/13 8:15 p.m.•145 views

CVE-2021-28453

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.0241EPSS

CVE•added 2024/11/12 6:15 p.m.•145 views

CVE-2024-49031

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00492EPSS

CVE•added 2017/03/17 12:59 a.m.•144 views

CVE-2017-0108

The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via...

9.3CVSS7AI score0.36288EPSS

CVE•added 2020/10/16 11:15 p.m.•144 views

CVE-2020-16931

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administ...

7.8CVSS7.7AI score0.07314EPSS

CVE•added 2020/06/09 8:15 p.m.•143 views

CVE-2020-1226

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1225.

9.3CVSS8.5AI score0.20625EPSS

CVE•added 2022/01/11 9:15 p.m.•143 views

CVE-2022-21841

Microsoft Excel Remote Code Execution Vulnerability

9.3CVSS8.2AI score0.01942EPSS

CVE•added 2011/09/15 12:26 p.m.•142 views

CVE-2011-1988

Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly parse records in Excel spreadsheets, which all...

9.3CVSS7.4AI score0.58631EPSS

CVE•added 2012/11/14 12:55 a.m.•142 views

CVE-2012-2543

Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Stack Overflow Vulnerability."

9.3CVSS7.9AI score0.65939EPSS

CVE•added 2023/01/10 10:15 p.m.•142 views

CVE-2023-21734

Microsoft Office Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00703EPSS

CVE•added 2021/01/12 8:15 p.m.•141 views

CVE-2021-1714

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.01784EPSS

CVE•added 2021/05/11 7:15 p.m.•141 views

CVE-2021-31175

Microsoft Office Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.03974EPSS

CVE•added 2024/10/08 6:15 p.m.•141 views

CVE-2024-43504

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.02253EPSS

CVE•added 2021/05/11 7:15 p.m.•140 views

CVE-2021-31180

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.0446EPSS

CVE•added 2017/06/15 1:29 a.m.•139 views

CVE-2017-8527

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Graphics Rem...

9.3CVSS6AI score0.28831EPSS

CVE•added 2017/09/13 1:29 a.m.•139 views

CVE-2017-8695

Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; L...

5.3CVSS6AI score0.25671EPSS

CVE•added 2023/08/08 6:15 p.m.•139 views

CVE-2023-35371

Microsoft Office Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00766EPSS

CVE•added 2023/11/14 6:15 p.m.•139 views

CVE-2023-36037

Microsoft Excel Security Feature Bypass Vulnerability

7.8CVSS7.5AI score0.00197EPSS

CVE•added 2024/10/08 6:15 p.m.•139 views

CVE-2024-43609

Microsoft Office Spoofing Vulnerability

6.5CVSS6.5AI score0.13093EPSS

CVE•added 2025/01/14 6:16 p.m.•139 views

CVE-2025-21356

Microsoft Office Visio Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00226EPSS

CVE•added 2012/05/09 12:55 a.m.•138 views

CVE-2012-0183

Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."

9.3CVSS7.7AI score0.62114EPSS

CVE•added 2019/07/29 2:8 p.m.•138 views

CVE-2019-1109

A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerabi...

9.1CVSS8.6AI score0.07967EPSS

CVE•added 2019/08/14 9:15 p.m.•138 views

CVE-2019-1149

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; ...

9.3CVSS9.3AI score0.37629EPSS

CVE•added 2020/10/16 11:15 p.m.•138 views

CVE-2020-16955

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.To exploit this vulnerability, an attacker would need to convince a user to open a speci...

7.8CVSS7.4AI score0.08331EPSS

CVE•added 2023/05/09 6:15 p.m.•138 views

CVE-2023-29333

Microsoft Access Denial of Service Vulnerability

3.3CVSS4.1AI score0.00374EPSS

CVE•added 2019/09/11 10:15 p.m.•137 views

CVE-2019-1263

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.

5.5CVSS6AI score0.1377EPSS

CVE•added 2017/06/15 1:29 a.m.•136 views

CVE-2017-0283

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Busi...

9.3CVSS6.4AI score0.55105EPSS

CVE•added 2021/01/12 8:15 p.m.•136 views

CVE-2021-1715

Microsoft Word Remote Code Execution Vulnerability

9.3CVSS7.8AI score0.0208EPSS

CVE•added 2023/10/10 6:15 p.m.•136 views

CVE-2023-36569

Microsoft Office Elevation of Privilege Vulnerability

8.4CVSS8.3AI score0.00147EPSS

CVE•added 2011/12/14 12:55 a.m.•135 views

CVE-2011-1983

Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."

9.3CVSS7.5AI score0.5796EPSS

CVE•added 2013/09/11 2:3 p.m.•135 views

CVE-2013-1315

Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (...

9.3CVSS7.6AI score0.69342EPSS

CVE•added 2020/03/12 4:15 p.m.•135 views

CVE-2020-0850

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892.

8.8CVSS7.9AI score0.33652EPSS

CVE•added 2023/06/14 12:15 a.m.•135 views

CVE-2023-33133

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.14181EPSS

CVE•added 2024/07/09 5:15 p.m.•135 views

CVE-2024-38021

Microsoft Outlook Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.15704EPSS

CVE•added 2020/12/10 12:15 a.m.•134 views

CVE-2020-17122

Microsoft Excel Remote Code Execution Vulnerability

9.3CVSS7.8AI score0.06001EPSS

CVE•added 2020/12/10 12:15 a.m.•134 views

CVE-2020-17129

Microsoft Excel Remote Code Execution Vulnerability

9.3CVSS7.8AI score0.06001EPSS

CVE•added 2024/11/12 6:15 p.m.•134 views

CVE-2024-49026

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00241EPSS

CVE•added 2009/10/14 10:30 a.m.•133 views

CVE-2009-2528

GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."

9.3CVSS7.2AI score0.43234EPSS

CVE•added 2024/07/09 5:15 p.m.•133 views

CVE-2024-38020

Microsoft Outlook Spoofing Vulnerability

6.5CVSS6.8AI score0.00661EPSS

CVE•added 2011/04/13 6:55 p.m.•132 views

CVE-2011-0097

Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code ...

9.3CVSS7.6AI score0.63845EPSS

CVE•added 2008/05/13 10:20 p.m.•131 views

CVE-2008-1434

Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling erro...

9.3CVSS7.2AI score0.60485EPSS

CVE•added 2012/05/09 12:55 a.m.•131 views

CVE-2012-0141

Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Fi...

9.3CVSS7.5AI score0.64174EPSS

CVE•added 2020/08/17 7:15 p.m.•131 views

CVE-2020-1583

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.To exploit the vulnerability, an attacker could craft a special documen...

8.8CVSS8AI score0.18011EPSS

CVE•added 2009/11/11 8:30 p.m.•130 views

CVE-2009-3130

Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, ak...

9.3CVSS7.7AI score0.63952EPSS

CVE•added 2012/05/09 12:55 a.m.•130 views

CVE-2012-0143

Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."

9.3CVSS7.5AI score0.60557EPSS

CVE•added 2017/06/15 1:29 a.m.•130 views

CVE-2017-8509

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.

9.3CVSS7.2AI score0.36403EPSS

CVE•added 2021/05/11 7:15 p.m.•130 views

CVE-2021-31178

Microsoft Office Information Disclosure Vulnerability

5.5CVSS6.1AI score0.18995EPSS

CVE•added 2021/08/12 6:15 p.m.•130 views

CVE-2021-34478

Microsoft Office Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.1188EPSS

CVE•added 2022/02/09 5:15 p.m.•130 views

CVE-2022-22716

Microsoft Excel Information Disclosure Vulnerability