Office@* Security Vulnerabilities and Issues — Page 4 of Office@* CVE List

Lucene search

MicrosoftOffice*

266 matches found

CVE•added 2025/04/08 6:16 p.m.•90 views

CVE-2025-29791

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS7.5AI score0.0143EPSS

CVE•added 2019/01/08 9:29 p.m.•89 views

CVE-2019-0561

An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word.

5.5CVSS6.1AI score0.13337EPSS

CVE•added 2019/05/16 7:29 p.m.•89 views

CVE-2019-0945

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0946, CVE-2019-0947.

9.3CVSS7.9AI score0.24224EPSS

CVE•added 2020/03/12 4:15 p.m.•89 views

CVE-2020-0851

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892.

9.3CVSS8AI score0.33652EPSS

CVE•added 2023/07/11 6:15 p.m.•89 views

CVE-2023-33149

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00766EPSS

CVE•added 2018/05/09 7:29 p.m.•88 views

CVE-2018-8147

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162.

9.3CVSS7.9AI score0.24873EPSS

CVE•added 2018/10/10 1:29 p.m.•88 views

CVE-2018-8502

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in Protected View, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel.

9.3CVSS8.8AI score0.20562EPSS

CVE•added 2018/11/14 1:29 a.m.•88 views

CVE-2018-8574

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8...

9.3CVSS7.9AI score0.19365EPSS

CVE•added 2018/12/12 12:29 a.m.•88 views

CVE-2018-8587

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.

9.3CVSS6.1AI score0.46569EPSS

CVE•added 2019/03/06 12:0 a.m.•88 views

CVE-2019-0671

9.3CVSS7.9AI score0.31336EPSS

CVE•added 2020/06/09 8:15 p.m.•88 views

CVE-2020-1322

An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'.

6.5CVSS5.9AI score0.25134EPSS

CVE•added 2025/04/08 6:16 p.m.•88 views

CVE-2025-27744

Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.

7.8CVSS7AI score0.00061EPSS

CVE•added 2018/11/14 1:29 a.m.•87 views

CVE-2018-8546

A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.

5.9CVSS6.1AI score0.11131EPSS

CVE•added 2019/04/09 9:29 p.m.•87 views

CVE-2019-0824

7.8CVSS7.8AI score0.19127EPSS

CVE•added 2019/11/12 7:15 p.m.•87 views

CVE-2019-1457

A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'.

7.8CVSS7.4AI score0.05719EPSS

CVE•added 2020/07/14 11:15 p.m.•87 views

CVE-2020-1409

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'.

9.3CVSS8.9AI score0.35463EPSS

CVE•added 2019/04/09 9:29 p.m.•86 views

CVE-2019-0827

7.8CVSS7.8AI score0.19127EPSS

CVE•added 2023/07/11 6:15 p.m.•86 views

CVE-2023-33161

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00684EPSS

CVE•added 2025/04/08 6:16 p.m.•86 views

CVE-2025-27749

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.00742EPSS

CVE•added 2025/04/08 6:16 p.m.•86 views

CVE-2025-29820

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.00079EPSS

CVE•added 2025/06/10 5:23 p.m.•86 views

CVE-2025-47167

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

8.4CVSS8.4AI score0.00163EPSS

CVE•added 2006/03/30 11:2 a.m.•85 views

CVE-2006-1540

MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a ...

9.3CVSS7.4AI score0.69796EPSS

CVE•added 2018/04/12 1:29 a.m.•85 views

CVE-2018-0950

An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This CVE ID is unique fr...

6.5CVSS5.4AI score0.14964EPSS

CVE•added 2018/12/12 12:29 a.m.•85 views

CVE-2018-8627

An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Micros...

5.5CVSS4.9AI score0.19881EPSS

CVE•added 2023/10/10 6:15 p.m.•85 views

CVE-2023-36565

Microsoft Office Graphics Elevation of Privilege Vulnerability

7CVSS7AI score0.00094EPSS

CVE•added 2025/04/08 6:15 p.m.•85 views

CVE-2025-26642

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS7.4AI score0.001EPSS

CVE•added 2025/01/14 6:15 p.m.•84 views

CVE-2025-21338

GDI+ Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00266EPSS

CVE•added 2025/04/08 6:16 p.m.•84 views

CVE-2025-27752

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8CVSS8AI score0.00742EPSS

CVE•added 2018/06/14 12:29 p.m.•83 views

CVE-2018-8244

An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook.

6.5CVSS6.4AI score0.1023EPSS

CVE•added 2018/11/14 1:29 a.m.•83 views

CVE-2018-8539

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Microsoft Office. This CVE ID is unique from CVE-2018-8573.

9.3CVSS7.9AI score0.16422EPSS

CVE•added 2019/12/10 10:15 p.m.•83 views

CVE-2019-1463

An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1400.

5.5CVSS5AI score0.01654EPSS

CVE•added 2023/07/11 6:15 p.m.•83 views

CVE-2023-33153

Microsoft Outlook Remote Code Execution Vulnerability

8.8CVSS7.6AI score0.00421EPSS

CVE•added 2023/07/11 6:15 p.m.•83 views

CVE-2023-33158

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00374EPSS

CVE•added 2018/11/14 1:29 a.m.•82 views

CVE-2018-8522

9.3CVSS8.3AI score0.17365EPSS

CVE•added 2018/11/14 1:29 a.m.•82 views

CVE-2018-8573

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8539.

9.3CVSS7.9AI score0.16422EPSS

CVE•added 2019/03/06 12:0 a.m.•82 views

CVE-2019-0674

9.3CVSS7.9AI score0.31336EPSS

CVE•added 2019/11/12 7:15 p.m.•82 views

CVE-2019-1449

A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would ...

10CVSS9.3AI score0.0625EPSS

CVE•added 2020/06/09 8:15 p.m.•82 views

CVE-2020-1321

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'.

8.8CVSS8.6AI score0.39264EPSS

CVE•added 2020/10/16 11:15 p.m.•82 views

CVE-2020-16928

<p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.</p><p>To exploit this vulnerability, an attacker would need to convince a user to op...

7.8CVSS7.4AI score0.08331EPSS

CVE•added 2023/07/11 6:15 p.m.•82 views

CVE-2023-33162

Microsoft Excel Information Disclosure Vulnerability

5.5CVSS5.4AI score0.00499EPSS

CVE•added 2025/04/08 6:16 p.m.•82 views

CVE-2025-27748

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.00742EPSS

CVE•added 2019/04/09 9:29 p.m.•81 views

CVE-2019-0825

7.8CVSS7.8AI score0.19127EPSS