Office Security Vulnerabilities and Issues — Page 5 of Office CVE List

Lucene search

MicrosoftOffice

953 matches found

CVE•added 2017/06/15 1:29 a.m.•130 views

CVE-2017-8509

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.

9.3CVSS7.2AI score0.36403EPSS

CVE•added 2021/05/11 7:15 p.m.•130 views

CVE-2021-31178

Microsoft Office Information Disclosure Vulnerability

5.5CVSS6.1AI score0.18995EPSS

CVE•added 2022/02/09 5:15 p.m.•130 views

CVE-2022-22716

Microsoft Excel Information Disclosure Vulnerability

5.5CVSS5.4AI score0.02127EPSS

CVE•added 2022/04/15 7:15 p.m.•130 views

CVE-2022-24473

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.01964EPSS

CVE•added 2012/04/10 9:55 p.m.•129 views

CVE-2012-0177

Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."

9.3CVSS7.9AI score0.70341EPSS

CVE•added 2012/11/14 12:55 a.m.•129 views

CVE-2012-1885

Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SerAuxErrBar Heap Overflow Vulnerability."

9.3CVSS7.9AI score0.65939EPSS

CVE•added 2021/09/15 12:15 p.m.•129 views

CVE-2021-38658

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8CVSS7.5AI score0.05369EPSS

CVE•added 2019/08/14 9:15 p.m.•128 views

CVE-2019-1205

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then...

9.8CVSS8.8AI score0.12237EPSS

CVE•added 2025/01/14 6:16 p.m.•128 views

CVE-2025-21357

Microsoft Outlook Remote Code Execution Vulnerability

6.7CVSS6.7AI score0.00119EPSS

CVE•added 2025/01/14 6:16 p.m.•128 views

CVE-2025-21362

Microsoft Excel Remote Code Execution Vulnerability

8.4CVSS7.8AI score0.00415EPSS

CVE•added 2020/12/10 12:15 a.m.•127 views

CVE-2020-17125

Microsoft Excel Remote Code Execution Vulnerability

9.3CVSS7.8AI score0.06282EPSS

CVE•added 2024/09/19 5:15 p.m.•127 views

CVE-2024-38016

Microsoft Office Visio Remote Code Execution Vulnerability

7.8CVSS7.7AI score0.01278EPSS

CVE•added 2011/06/16 8:55 p.m.•126 views

CVE-2011-1273

Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Ex...

9.3CVSS7.6AI score0.50077EPSS

CVE•added 2018/01/10 1:29 a.m.•125 views

CVE-2018-0793

Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0791.

9.3CVSS8.3AI score0.3495EPSS

CVE•added 2020/04/15 3:15 p.m.•125 views

CVE-2020-0906

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0979.

9.3CVSS8.8AI score0.32912EPSS

CVE•added 2023/08/08 6:15 p.m.•125 views

CVE-2023-35372

Microsoft Office Visio Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00458EPSS

CVE•added 2024/06/11 5:15 p.m.•125 views

CVE-2024-30103

Microsoft Outlook Remote Code Execution Vulnerability

8.8CVSS8.9AI score0.14962EPSS

CVE•added 2013/11/13 12:55 a.m.•124 views

CVE-2013-1325

Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Heap Overwrite Vulnerability."

9.3CVSS7.9AI score0.59759EPSS

CVE•added 2017/03/17 12:59 a.m.•124 views

CVE-2017-0060

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a ...

5.5CVSS4.3AI score0.03112EPSS

CVE•added 2020/03/12 4:15 p.m.•123 views

CVE-2020-0852

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0855, CVE-2020-0892.

9.3CVSS8AI score0.33652EPSS

CVE•added 2013/09/11 2:3 p.m.•122 views

CVE-2013-3854

Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3853.

9.3CVSS7.6AI score0.52849EPSS

CVE•added 2021/09/15 12:15 p.m.•122 views

CVE-2021-38650

Microsoft Office Spoofing Vulnerability

7.6CVSS7.3AI score0.00821EPSS

CVE•added 2023/03/14 5:15 p.m.•122 views

CVE-2023-23391

Office for Android Spoofing Vulnerability

5.5CVSS5.8AI score0.00216EPSS

CVE•added 2017/03/17 12:59 a.m.•121 views

CVE-2017-0073

4.3CVSS4.3AI score0.14618EPSS

CVE•added 2019/06/12 2:29 p.m.•121 views

CVE-2019-1035

9.3CVSS7.6AI score0.13047EPSS

CVE•added 2020/08/17 7:15 p.m.•121 views

CVE-2020-1495

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administ...

9.3CVSS8.7AI score0.15901EPSS

CVE•added 2016/08/09 9:59 p.m.•120 views

CVE-2016-3304

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrar...

9.3CVSS7.8AI score0.49401EPSS

CVE•added 2018/02/15 2:29 a.m.•120 views

CVE-2018-0851

Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka "Microsoft Offi...

9.3CVSS8.7AI score0.34337EPSS

CVE•added 2020/02/11 10:15 p.m.•120 views

CVE-2020-0759

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

9.3CVSS8.8AI score0.32912EPSS

CVE•added 2020/04/15 3:15 p.m.•120 views

CVE-2020-0961

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.

9.3CVSS8.1AI score0.33652EPSS

CVE•added 2021/04/13 8:15 p.m.•120 views

CVE-2021-28454

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.03974EPSS

CVE•added 2021/05/11 7:15 p.m.•120 views

CVE-2021-31174

Microsoft Excel Information Disclosure Vulnerability

5.5CVSS6.1AI score0.00503EPSS

CVE•added 2009/10/14 10:30 a.m.•119 views

CVE-2009-2500

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office ...

9.3CVSS7.9AI score0.54154EPSS

CVE•added 2009/10/14 10:30 a.m.•119 views

CVE-2009-3126

9.3CVSS9.7AI score0.48214EPSS

CVE•added 2019/05/16 7:29 p.m.•119 views

CVE-2019-0953

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.

9.3CVSS7.9AI score0.25636EPSS

CVE•added 2021/01/12 8:15 p.m.•119 views

CVE-2021-1713

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.02899EPSS

CVE•added 2021/10/13 1:15 a.m.•119 views

CVE-2021-40471

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.5AI score0.03232EPSS

CVE•added 2021/10/13 1:15 a.m.•119 views

CVE-2021-40473

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.5AI score0.03232EPSS

CVE•added 2020/04/15 3:15 p.m.•118 views

CVE-2020-0980

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.

9.3CVSS8.3AI score0.33652EPSS

CVE•added 2012/08/15 1:55 a.m.•117 views

CVE-2012-2524

Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."

9.3CVSS7.7AI score0.53228EPSS

CVE•added 2019/08/14 9:15 p.m.•117 views

CVE-2019-1148

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.To exploit this vulnerability, an attacker wou...

5.5CVSS6.7AI score0.03723EPSS

CVE•added 2020/09/11 5:15 p.m.•117 views

CVE-2020-1193

8.8CVSS7.8AI score0.10314EPSS

CVE•added 2021/10/13 1:15 a.m.•117 views

CVE-2021-40472

Microsoft Excel Information Disclosure Vulnerability

5.5CVSS5.9AI score0.00488EPSS

CVE•added 2021/10/13 1:15 a.m.•117 views

CVE-2021-40485

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.7AI score0.0082EPSS

CVE•added 2018/09/13 12:29 a.m.•116 views

CVE-2018-8332

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows S...

9.3CVSS8.2AI score0.38097EPSS

CVE•added 2020/04/15 3:15 p.m.•116 views

CVE-2020-0991

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0760.

9.3CVSS8.4AI score0.34566EPSS

CVE•added 2020/08/17 7:15 p.m.•116 views

CVE-2020-1582

A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with adminis...

7.8CVSS7.9AI score0.11602EPSS

CVE•added 2021/04/13 8:15 p.m.•116 views

CVE-2021-28451

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.04005EPSS

CVE•added 2022/11/09 10:15 p.m.•116 views

CVE-2022-41061

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00262EPSS

CVE•added 2025/04/08 6:16 p.m.•116 views

CVE-2025-27747

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.