Office Security Vulnerabilities and Issues — Page 8 of Office CVE List

Lucene search

MicrosoftOffice

938 matches found

CVE•added 2009/10/14 10:30 a.m.•97 views

CVE-2009-2502

Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office E...

9.3CVSS9.7AI score0.42434EPSS

CVE•added 2017/03/17 12:59 a.m.•97 views

CVE-2017-0031

Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is differen...

9.3CVSS6.7AI score0.23473EPSS

CVE•added 2017/06/15 1:29 a.m.•97 views

CVE-2017-8533

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This ...

6.5CVSS5.1AI score0.24455EPSS

CVE•added 2020/07/14 11:15 p.m.•97 views

CVE-2020-1448

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1447.

8.8CVSS8.8AI score0.43263EPSS

CVE•added 2022/02/09 5:15 p.m.•97 views

CVE-2022-23252

Microsoft Office Information Disclosure Vulnerability

5.5CVSS5.8AI score0.00325EPSS

CVE•added 2024/08/13 6:15 p.m.•97 views

CVE-2024-38171

Microsoft PowerPoint Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.01087EPSS

CVE•added 2019/03/06 12:0 a.m.•96 views

CVE-2019-0540

A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.

5.5CVSS5.5AI score0.12875EPSS

CVE•added 2020/09/11 5:15 p.m.•96 views

CVE-2020-1338

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the fi...

8.8CVSS7.7AI score0.10314EPSS

CVE•added 2025/01/14 6:16 p.m.•96 views

CVE-2025-21346

Microsoft Office Security Feature Bypass Vulnerability

7.8CVSS6.8AI score0.00204EPSS

CVE•added 2016/10/14 2:59 a.m.•95 views

CVE-2016-3209

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync ...

5.5CVSS6AI score0.18446EPSS

CVE•added 2017/06/15 1:29 a.m.•95 views

CVE-2017-0289

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CV...

5CVSS5.1AI score0.24455EPSS

CVE•added 2019/07/29 2:9 p.m.•95 views

CVE-2019-1112

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.

5.5CVSS5.6AI score0.10716EPSS

CVE•added 2019/11/12 7:15 p.m.•95 views

CVE-2019-1402

An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'.

5.5CVSS5.1AI score0.02127EPSS

CVE•added 2008/09/11 1:11 a.m.•94 views

CVE-2008-3013

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, S...

9.3CVSS7.7AI score0.74609EPSS

CVE•added 2015/08/15 12:59 a.m.•94 views

CVE-2015-2463

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight b...

9.3CVSS7.3AI score0.52873EPSS

CVE•added 2018/11/14 1:29 a.m.•94 views

CVE-2018-8577

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This C...

9.3CVSS7.9AI score0.19365EPSS

CVE•added 2019/01/08 9:29 p.m.•94 views

CVE-2019-0559

An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.

6.5CVSS5.9AI score0.25751EPSS

CVE•added 2019/03/06 12:0 a.m.•94 views

CVE-2019-0672

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0673, CVE-2019-0674, CVE-...

9.3CVSS7.9AI score0.31336EPSS

CVE•added 2019/12/10 10:15 p.m.•94 views

CVE-2019-1400

An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1463.

5.5CVSS5AI score0.01654EPSS

CVE•added 2019/11/12 7:15 p.m.•94 views

CVE-2019-1446

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.

5.5CVSS5.6AI score0.08477EPSS

CVE•added 2020/09/11 5:15 p.m.•94 views

CVE-2020-1332

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administ...

8.8CVSS7.8AI score0.10314EPSS

CVE•added 2020/07/14 11:15 p.m.•94 views

CVE-2020-1445

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.

5.5CVSS6.1AI score0.28299EPSS

CVE•added 2023/07/11 6:15 p.m.•94 views

CVE-2023-33152

Microsoft ActiveX Remote Code Execution Vulnerability

7.8CVSS7.3AI score0.00957EPSS

CVE•added 2025/02/11 6:15 p.m.•94 views

CVE-2025-21387

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00168EPSS

CVE•added 2016/05/11 1:59 a.m.•93 views

CVE-2016-0140

Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.8AI score0.29275EPSS

CVE•added 2019/01/08 9:29 p.m.•93 views

CVE-2019-0560

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office.

5.5CVSS5.1AI score0.26918EPSS

CVE•added 2021/03/11 4:15 p.m.•93 views

CVE-2021-27057

Microsoft Office Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.04203EPSS

CVE•added 2021/12/15 3:15 p.m.•93 views

CVE-2021-43875

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00914EPSS

CVE•added 2022/12/13 7:15 p.m.•93 views

CVE-2022-44692

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00392EPSS

CVE•added 2025/04/08 6:16 p.m.•93 views

CVE-2025-29792

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

7.3CVSS7.5AI score0.00178EPSS

CVE•added 2010/06/08 8:30 p.m.•92 views

CVE-2010-1263

Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do not properly validate COM objects during instantia...

9.3CVSS7.4AI score0.4797EPSS

CVE•added 2017/06/15 1:29 a.m.•92 views

CVE-2017-0282

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows ...

5CVSS4.9AI score0.17084EPSS

CVE•added 2017/06/15 1:29 a.m.•92 views

CVE-2017-0284

5CVSS4.9AI score0.17084EPSS

CVE•added 2017/06/15 1:29 a.m.•92 views

CVE-2017-8510

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.

9.3CVSS7.2AI score0.36403EPSS

CVE•added 2019/04/09 9:29 p.m.•92 views

CVE-2019-0822

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.

9.3CVSS7.8AI score0.25636EPSS

CVE•added 2020/08/17 7:15 p.m.•92 views

CVE-2020-1497

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.To exploit the vulnerability, an attacker could craft a special docume...

5.5CVSS6.3AI score0.25763EPSS

CVE•added 2021/03/11 4:15 p.m.•92 views

CVE-2021-27053

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.0356EPSS

CVE•added 2024/12/12 2:4 a.m.•92 views

CVE-2024-49142

Microsoft Access Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00163EPSS

CVE•added 2025/01/14 6:15 p.m.•92 views

CVE-2025-21186

Microsoft Access Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00265EPSS

CVE•added 2016/08/09 9:59 p.m.•91 views

CVE-2016-3303

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrar...

9.3CVSS7.8AI score0.49401EPSS

CVE•added 2016/09/14 10:59 a.m.•91 views

CVE-2016-3357

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automati...

9.3CVSS7.6AI score0.29428EPSS

CVE•added 2016/10/14 2:59 a.m.•91 views

CVE-2016-3396

9.3CVSS8.9AI score0.32397EPSS

CVE•added 2019/04/09 9:29 p.m.•91 views

CVE-2019-0801

A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded.The update addre...

7.8CVSS7.7AI score0.23271EPSS

CVE•added 2019/05/16 7:29 p.m.•91 views

CVE-2019-0946

9.3CVSS7.9AI score0.24224EPSS

CVE•added 2020/02/11 10:15 p.m.•91 views

CVE-2020-0696

A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.

6.5CVSS6.4AI score0.05593EPSS

CVE•added 2022/11/09 10:15 p.m.•91 views

CVE-2022-41060

Microsoft Word Information Disclosure Vulnerability

5.5CVSS6.1AI score0.003EPSS

CVE•added 2024/08/13 6:15 p.m.•91 views

CVE-2024-38173

Microsoft Outlook Remote Code Execution Vulnerability

6.7CVSS6.7AI score0.01349EPSS

CVE•added 2025/04/08 6:16 p.m.•91 views

CVE-2025-27751

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.0041EPSS

CVE•added 2002/10/04 4:0 a.m.•90 views

CVE-2002-0862

The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constrai...

6.8CVSS6.3AI score0.20154EPSS

CVE•added 2017/06/15 1:29 a.m.•90 views

CVE-2017-0285

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, and Microsoft Office Word Viewer allows improper disclosure of ...

5CVSS4.9AI score0.17084EPSS

Total number of security vulnerabilities938