266 matches found
CVE-2025-29791
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2019-0561
An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word.
CVE-2019-0945
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0946, CVE-2019-0947.
CVE-2020-0851
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892.
CVE-2023-33149
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2018-8147
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162.
CVE-2018-8502
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in Protected View, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel.
CVE-2018-8574
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8...
CVE-2018-8587
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.
CVE-2019-0671
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0672, CVE-2019-0673, CVE-2019-0674, CVE-...
CVE-2020-1322
An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'.
CVE-2025-27744
Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2018-8546
A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.
CVE-2019-0824
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0825, CVE-2019-0826, CVE-...
CVE-2019-1457
A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'.
CVE-2020-1409
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'.
CVE-2019-0827
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-...
CVE-2023-33161
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-27749
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-29820
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-47167
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2006-1540
MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a ...
CVE-2018-0950
An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This CVE ID is unique fr...
CVE-2018-8627
An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Micros...
CVE-2023-36565
Microsoft Office Graphics Elevation of Privilege Vulnerability
CVE-2025-26642
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-21338
GDI+ Remote Code Execution Vulnerability
CVE-2025-27752
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2018-8244
An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook.
CVE-2018-8539
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Microsoft Office. This CVE ID is unique from CVE-2018-8573.
CVE-2019-1463
An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1400.
CVE-2023-33153
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2023-33158
Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-8522
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8524,...
CVE-2018-8573
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8539.
CVE-2019-0674
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0672, CVE-2019-0673, CVE-...
CVE-2019-1449
A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would ...
CVE-2020-1321
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'.
CVE-2020-16928
<p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.</p><p>To exploit this vulnerability, an attacker would need to convince a user to op...
CVE-2023-33162
Microsoft Excel Information Disclosure Vulnerability
CVE-2025-27748
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2019-0825
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0826, CVE-...
CVE-2019-0826
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-...
CVE-2019-0947
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0945, CVE-2019-0946.
CVE-2020-16934
<p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.</p><p>To exploit this vulnerability, an attacker would need to convince a user to op...
CVE-2018-8524
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522,...
CVE-2021-42293
Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability
CVE-2022-44713
Microsoft Outlook for Mac Spoofing Vulnerability
CVE-2019-0675
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0672, CVE-2019-0673, CVE-...
CVE-2024-49059
Microsoft Office Elevation of Privilege Vulnerability