Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MicrosoftOffice

950 matches found

CVE
CVEadded 2019/01/08 9:29 p.m.91 views

CVE-2019-0561

An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word.

5.5CVSS6.1AI score0.13337EPSS
CVE
CVEadded 2019/03/06 12:0 a.m.91 views

CVE-2019-0673

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0672, CVE-2019-0674, CVE-...

9.3CVSS7.9AI score0.31336EPSS
CVE
CVEadded 2020/11/11 7:15 a.m.91 views

CVE-2020-17065

Microsoft Excel Remote Code Execution Vulnerability

9.3CVSS7.8AI score0.08062EPSS
CVE
CVEadded 2023/07/11 6:15 p.m.91 views

CVE-2023-33149

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00766EPSS
CVE
CVEadded 2025/01/14 6:16 p.m.91 views

CVE-2025-21366

Microsoft Access Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.0041EPSS
CVE
CVEadded 2025/04/08 6:16 p.m.91 views

CVE-2025-27750

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.00074EPSS
CVE
CVEadded 2019/03/06 12:0 a.m.90 views

CVE-2019-0671

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0672, CVE-2019-0673, CVE-2019-0674, CVE-...

9.3CVSS7.9AI score0.31336EPSS
CVE
CVEadded 2019/05/16 7:29 p.m.90 views

CVE-2019-0945

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0946, CVE-2019-0947.

9.3CVSS7.9AI score0.24224EPSS
CVE
CVEadded 2020/03/12 4:15 p.m.90 views

CVE-2020-0851

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892.

9.3CVSS8AI score0.33652EPSS
CVE
CVEadded 2020/06/09 8:15 p.m.90 views

CVE-2020-1322

An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'.

6.5CVSS5.9AI score0.25134EPSS
CVE
CVEadded 2020/11/11 7:15 a.m.90 views

CVE-2020-17064

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.10674EPSS
CVE
CVEadded 2021/02/25 11:15 p.m.90 views

CVE-2021-24067

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.02597EPSS
CVE
CVEadded 2021/03/11 4:15 p.m.90 views

CVE-2021-27056

Microsoft PowerPoint Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.12755EPSS
CVE
CVEadded 2025/06/10 5:23 p.m.90 views

CVE-2025-47167

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

8.4CVSS8.4AI score0.0017EPSS
CVE
CVEadded 2011/04/13 6:55 p.m.89 views

CVE-2011-0655

Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate TimeCo...

9.3CVSS7.6AI score0.66248EPSS
CVE
CVEadded 2015/08/15 12:59 a.m.89 views

CVE-2015-2435

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, a...

9.3CVSS7.4AI score0.33527EPSS
CVE
CVEadded 2016/06/16 1:59 a.m.89 views

CVE-2016-3234

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers t...

5.5CVSS5.4AI score0.25546EPSS
CVE
CVEadded 2017/06/15 1:29 a.m.89 views

CVE-2017-8550

A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".

5.4CVSS5.9AI score0.1238EPSS
CVE
CVEadded 2018/01/10 1:29 a.m.89 views

CVE-2018-0791

Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793.

9.3CVSS8.3AI score0.3495EPSS
CVE
CVEadded 2018/05/09 7:29 p.m.89 views

CVE-2018-8147

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162.

9.3CVSS7.9AI score0.30512EPSS
CVE
CVEadded 2018/10/10 1:29 p.m.89 views

CVE-2018-8502

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in Protected View, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel.

9.3CVSS8.8AI score0.1968EPSS
CVE
CVEadded 2018/11/14 1:29 a.m.89 views

CVE-2018-8574

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8...

9.3CVSS7.9AI score0.1908EPSS
CVE
CVEadded 2025/01/14 6:15 p.m.89 views

CVE-2025-21338

GDI+ Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00266EPSS
CVE
CVEadded 2025/04/08 6:16 p.m.89 views

CVE-2025-27744

Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.

7.8CVSS7AI score0.00062EPSS
CVE
CVEadded 2025/04/08 6:16 p.m.89 views

CVE-2025-29820

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.00056EPSS
CVE
CVEadded 2008/09/11 1:11 a.m.88 views

CVE-2008-3014

Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital ...

9.3CVSS7.8AI score0.71547EPSS
CVE
CVEadded 2009/08/12 5:30 p.m.88 views

CVE-2009-2496

Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 200...

9.3CVSS8AI score0.61262EPSS
CVE
CVEadded 2016/05/11 1:59 a.m.88 views

CVE-2016-0198

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corr...

9.3CVSS7.8AI score0.25849EPSS
CVE
CVEadded 2016/10/14 2:59 a.m.88 views

CVE-2016-3263

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync ...

5.5CVSS6AI score0.19061EPSS
CVE
CVEadded 2017/03/17 12:59 a.m.88 views

CVE-2017-0053

Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory ...

9.3CVSS6.7AI score0.23473EPSS
CVE
CVEadded 2018/11/14 1:29 a.m.88 views

CVE-2018-8546

A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.

5.9CVSS6.1AI score0.10946EPSS
CVE
CVEadded 2018/12/12 12:29 a.m.88 views

CVE-2018-8627

An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Micros...

5.5CVSS4.9AI score0.19881EPSS
CVE
CVEadded 2019/04/09 9:29 p.m.88 views

CVE-2019-0824

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0825, CVE-2019-0826, CVE-...

7.8CVSS7.8AI score0.19127EPSS
CVE
CVEadded 2019/08/14 9:15 p.m.88 views

CVE-2019-1200

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the...

9.3CVSS7.7AI score0.07373EPSS
CVE
CVEadded 2019/11/12 7:15 p.m.88 views

CVE-2019-1457

A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'.

7.8CVSS7.4AI score0.0496EPSS
CVE
CVEadded 2021/02/25 11:15 p.m.88 views

CVE-2021-24069

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.01129EPSS
CVE
CVEadded 2022/12/13 7:15 p.m.88 views

CVE-2022-44691

Microsoft Office OneNote Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.01706EPSS
CVE
CVEadded 2022/12/13 7:15 p.m.88 views

CVE-2022-44695

Microsoft Office Visio Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00504EPSS
CVE
CVEadded 2025/04/08 6:16 p.m.88 views

CVE-2025-27749

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.00252EPSS
CVE
CVEadded 2017/06/15 1:29 a.m.87 views

CVE-2017-8512

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506.

9.3CVSS7.2AI score0.36403EPSS
CVE
CVEadded 2018/01/10 1:29 a.m.87 views

CVE-2018-0794

Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0792...

9.3CVSS8.8AI score0.53651EPSS
CVE
CVEadded 2019/04/09 9:29 p.m.87 views

CVE-2019-0827

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-...

7.8CVSS7.8AI score0.19127EPSS
CVE
CVEadded 2021/02/25 11:15 p.m.87 views

CVE-2021-24070

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.02597EPSS
CVE
CVEadded 2023/07/11 6:15 p.m.87 views

CVE-2023-33161

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00766EPSS
CVE
CVEadded 2025/03/11 5:16 p.m.87 views

CVE-2025-24081

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS8AI score0.00139EPSS
CVE
CVEadded 2025/04/08 6:15 p.m.87 views

CVE-2025-26642

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS7.4AI score0.00082EPSS
CVE
CVEadded 2006/03/30 11:2 a.m.86 views

CVE-2006-1540

MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a ...

9.3CVSS7.4AI score0.74659EPSS
CVE
CVEadded 2014/10/15 10:55 a.m.86 views

CVE-2014-4117

Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code vi...

9.3CVSS8.7AI score0.35711EPSS
CVE
CVEadded 2015/08/15 12:59 a.m.86 views

CVE-2015-2455

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, S...

9.3CVSS7.3AI score0.6028EPSS
CVE
CVEadded 2015/08/15 12:59 a.m.86 views

CVE-2015-2456

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, S...

9.3CVSS7.3AI score0.6028EPSS
Total number of security vulnerabilities950