Lucene search

K

266 matches found

CVE
CVE
added 2025/04/08 6:16 p.m.90 views

CVE-2025-29791

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS7.5AI score0.0143EPSS
CVE
CVE
added 2019/01/08 9:29 p.m.89 views

CVE-2019-0561

An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word.

5.5CVSS6.1AI score0.13337EPSS
CVE
CVE
added 2019/05/16 7:29 p.m.89 views

CVE-2019-0945

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0946, CVE-2019-0947.

9.3CVSS7.9AI score0.24224EPSS
CVE
CVE
added 2020/03/12 4:15 p.m.89 views

CVE-2020-0851

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892.

9.3CVSS8AI score0.33652EPSS
CVE
CVE
added 2023/07/11 6:15 p.m.89 views

CVE-2023-33149

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00766EPSS
CVE
CVE
added 2018/05/09 7:29 p.m.88 views

CVE-2018-8147

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162.

9.3CVSS7.9AI score0.24873EPSS
CVE
CVE
added 2018/10/10 1:29 p.m.88 views

CVE-2018-8502

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in Protected View, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel.

9.3CVSS8.8AI score0.20562EPSS
CVE
CVE
added 2018/11/14 1:29 a.m.88 views

CVE-2018-8574

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8...

9.3CVSS7.9AI score0.19365EPSS
CVE
CVE
added 2018/12/12 12:29 a.m.88 views

CVE-2018-8587

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.

9.3CVSS6.1AI score0.46569EPSS
CVE
CVE
added 2019/03/06 12:0 a.m.88 views

CVE-2019-0671

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0672, CVE-2019-0673, CVE-2019-0674, CVE-...

9.3CVSS7.9AI score0.31336EPSS
CVE
CVE
added 2020/06/09 8:15 p.m.88 views

CVE-2020-1322

An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'.

6.5CVSS5.9AI score0.25134EPSS
CVE
CVE
added 2025/04/08 6:16 p.m.88 views

CVE-2025-27744

Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.

7.8CVSS7AI score0.00061EPSS
CVE
CVE
added 2018/11/14 1:29 a.m.87 views

CVE-2018-8546

A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.

5.9CVSS6.1AI score0.11131EPSS
CVE
CVE
added 2019/04/09 9:29 p.m.87 views

CVE-2019-0824

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0825, CVE-2019-0826, CVE-...

7.8CVSS7.8AI score0.19127EPSS
CVE
CVE
added 2019/11/12 7:15 p.m.87 views

CVE-2019-1457

A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'.

7.8CVSS7.4AI score0.05719EPSS
CVE
CVE
added 2020/07/14 11:15 p.m.87 views

CVE-2020-1409

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'.

9.3CVSS8.9AI score0.35463EPSS
CVE
CVE
added 2019/04/09 9:29 p.m.86 views

CVE-2019-0827

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-...

7.8CVSS7.8AI score0.19127EPSS
CVE
CVE
added 2023/07/11 6:15 p.m.86 views

CVE-2023-33161

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00684EPSS
CVE
CVE
added 2025/04/08 6:16 p.m.86 views

CVE-2025-27749

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.00742EPSS
CVE
CVE
added 2025/04/08 6:16 p.m.86 views

CVE-2025-29820

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.00079EPSS
CVE
CVE
added 2025/06/10 5:23 p.m.86 views

CVE-2025-47167

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

8.4CVSS8.4AI score0.00163EPSS
CVE
CVE
added 2006/03/30 11:2 a.m.85 views

CVE-2006-1540

MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a ...

9.3CVSS7.4AI score0.69796EPSS
CVE
CVE
added 2018/04/12 1:29 a.m.85 views

CVE-2018-0950

An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This CVE ID is unique fr...

6.5CVSS5.4AI score0.14964EPSS
CVE
CVE
added 2018/12/12 12:29 a.m.85 views

CVE-2018-8627

An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Micros...

5.5CVSS4.9AI score0.19881EPSS
CVE
CVE
added 2023/10/10 6:15 p.m.85 views

CVE-2023-36565

Microsoft Office Graphics Elevation of Privilege Vulnerability

7CVSS7AI score0.00094EPSS
CVE
CVE
added 2025/04/08 6:15 p.m.85 views

CVE-2025-26642

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS7.4AI score0.001EPSS
CVE
CVE
added 2025/01/14 6:15 p.m.84 views

CVE-2025-21338

GDI+ Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00266EPSS
CVE
CVE
added 2025/04/08 6:16 p.m.84 views

CVE-2025-27752

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS8AI score0.00742EPSS
CVE
CVE
added 2018/06/14 12:29 p.m.83 views

CVE-2018-8244

An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook.

6.5CVSS6.4AI score0.1023EPSS
CVE
CVE
added 2018/11/14 1:29 a.m.83 views

CVE-2018-8539

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Microsoft Office. This CVE ID is unique from CVE-2018-8573.

9.3CVSS7.9AI score0.16422EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.83 views

CVE-2019-1463

An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1400.

5.5CVSS5AI score0.01654EPSS
CVE
CVE
added 2023/07/11 6:15 p.m.83 views

CVE-2023-33153

Microsoft Outlook Remote Code Execution Vulnerability

8.8CVSS7.6AI score0.00421EPSS
CVE
CVE
added 2023/07/11 6:15 p.m.83 views

CVE-2023-33158

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00374EPSS
CVE
CVE
added 2018/11/14 1:29 a.m.82 views

CVE-2018-8522

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8524,...

9.3CVSS8.3AI score0.17365EPSS
CVE
CVE
added 2018/11/14 1:29 a.m.82 views

CVE-2018-8573

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8539.

9.3CVSS7.9AI score0.16422EPSS
CVE
CVE
added 2019/03/06 12:0 a.m.82 views

CVE-2019-0674

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0672, CVE-2019-0673, CVE-...

9.3CVSS7.9AI score0.31336EPSS
CVE
CVE
added 2019/11/12 7:15 p.m.82 views

CVE-2019-1449

A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would ...

10CVSS9.3AI score0.0625EPSS
CVE
CVE
added 2020/06/09 8:15 p.m.82 views

CVE-2020-1321

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'.

8.8CVSS8.6AI score0.39264EPSS
CVE
CVE
added 2020/10/16 11:15 p.m.82 views

CVE-2020-16928

<p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.</p><p>To exploit this vulnerability, an attacker would need to convince a user to op...

7.8CVSS7.4AI score0.08331EPSS
CVE
CVE
added 2023/07/11 6:15 p.m.82 views

CVE-2023-33162

Microsoft Excel Information Disclosure Vulnerability

5.5CVSS5.4AI score0.00499EPSS
CVE
CVE
added 2025/04/08 6:16 p.m.82 views

CVE-2025-27748

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.00742EPSS
CVE
CVE
added 2019/04/09 9:29 p.m.81 views

CVE-2019-0825

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0826, CVE-...

7.8CVSS7.8AI score0.19127EPSS
CVE
CVE
added 2019/04/09 9:29 p.m.81 views

CVE-2019-0826

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-...

7.8CVSS7.8AI score0.19127EPSS
CVE
CVE
added 2019/05/16 7:29 p.m.81 views

CVE-2019-0947

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0945, CVE-2019-0946.

9.3CVSS7.9AI score0.24224EPSS
CVE
CVE
added 2020/10/16 11:15 p.m.81 views

CVE-2020-16934

<p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.</p><p>To exploit this vulnerability, an attacker would need to convince a user to op...

7.8CVSS6.7AI score0.0284EPSS
CVE
CVE
added 2018/11/14 1:29 a.m.79 views

CVE-2018-8524

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522,...

9.3CVSS8.3AI score0.17365EPSS
CVE
CVE
added 2021/12/15 3:15 p.m.79 views

CVE-2021-42293

Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability

6.5CVSS6.6AI score0.01728EPSS
CVE
CVE
added 2022/12/13 7:15 p.m.79 views

CVE-2022-44713

Microsoft Outlook for Mac Spoofing Vulnerability

7.5CVSS7.5AI score0.02737EPSS
CVE
CVE
added 2019/03/06 12:0 a.m.78 views

CVE-2019-0675

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0672, CVE-2019-0673, CVE-...

9.3CVSS7.9AI score0.31336EPSS
CVE
CVE
added 2024/12/12 2:4 a.m.78 views

CVE-2024-49059

Microsoft Office Elevation of Privilege Vulnerability

7CVSS6.9AI score0.00104EPSS
Total number of security vulnerabilities266