Office@2010 Security Vulnerabilities and Issues — Page 5 of Office@2010 CVE List

Lucene search

MicrosoftOffice2010

258 matches found

CVE•added 2015/04/14 8:59 p.m.•71 views

CVE-2015-1650

Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allows remote a...

9.3CVSS7.5AI score0.55659EPSS

CVE•added 2016/07/13 1:59 a.m.•71 views

CVE-2016-3281

Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Micro...

9.3CVSS7.7AI score0.41944EPSS

CVE•added 2018/01/22 11:29 p.m.•71 views

CVE-2018-0845

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is u...

9.3CVSS8.3AI score0.36911EPSS

CVE•added 2018/01/22 11:29 p.m.•71 views

CVE-2018-0849

9.3CVSS8.3AI score0.36911EPSS

CVE•added 2018/05/09 7:29 p.m.•71 views

CVE-2018-8160

An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office.

6.5CVSS6.1AI score0.19761EPSS

CVE•added 2015/03/11 10:59 a.m.•70 views

CVE-2015-0085

Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer,...

9.3CVSS7.4AI score0.34099EPSS

CVE•added 2015/08/15 12:59 a.m.•70 views

CVE-2015-2470

Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Integer Underflow Vulnerability."

9.3CVSS7.5AI score0.64267EPSS

CVE•added 2018/06/14 12:29 p.m.•70 views

CVE-2018-8248

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office.

9.3CVSS7.7AI score0.47358EPSS

CVE•added 2018/10/10 1:29 p.m.•70 views

CVE-2018-8504

A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Office 365 ProPlus, Microsoft Office, Microsoft Word.

9.3CVSS8.8AI score0.17486EPSS

CVE•added 2015/08/15 12:59 a.m.•69 views

CVE-2015-2468

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word Web Apps 2010 SP2, and Office Web Apps Server 201...

9.3CVSS7.4AI score0.64436EPSS

CVE•added 2015/12/09 11:59 a.m.•69 views

CVE-2015-6172

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka "Microsoft Office RCE Vulnerability."

9.3CVSS7.5AI score0.32798EPSS

CVE•added 2016/12/20 6:59 a.m.•69 views

CVE-2016-7275

Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."

7.8CVSS7.4AI score0.00683EPSS

CVE•added 2018/06/14 12:29 p.m.•69 views

CVE-2018-8246

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.

5.5CVSS5AI score0.22636EPSS

CVE•added 2018/03/14 5:29 p.m.•68 views

CVE-2018-0922

Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013...

9.3CVSS7.8AI score0.19242EPSS

CVE•added 2018/10/10 1:29 p.m.•68 views

CVE-2018-8501

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Office 365 ProPlus, PowerPoint Viewer, Microsoft Office, Microsoft PowerPo...

9.3CVSS8.8AI score0.17486EPSS

CVE•added 2016/07/13 1:59 a.m.•66 views

CVE-2016-3280

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vuln...

9.3CVSS7.6AI score0.31597EPSS

CVE•added 2018/02/15 2:29 a.m.•66 views

CVE-2018-0853

Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure Vulnerability".

4.3CVSS3.6AI score0.09191EPSS

CVE•added 2015/11/11 12:59 p.m.•65 views

CVE-2015-6093

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office docu...

9.3CVSS7.5AI score0.39746EPSS

CVE•added 2016/11/10 6:59 a.m.•65 views

CVE-2016-7232

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.6AI score0.40637EPSS

CVE•added 2016/11/10 6:59 a.m.•65 views

CVE-2016-7235

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.6AI score0.30017EPSS

CVE•added 2013/11/13 12:55 a.m.•64 views

CVE-2013-1324

Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Stack Buffer Overwrite Vulnerability."

9.3CVSS7.9AI score0.55401EPSS

CVE•added 2015/06/10 1:59 a.m.•64 views

CVE-2015-1760

Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.35902EPSS

CVE•added 2018/01/22 11:29 p.m.•64 views

CVE-2018-0848

9.3CVSS8.3AI score0.36911EPSS

CVE•added 2015/11/11 12:59 p.m.•63 views

CVE-2015-6092

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.28216EPSS

CVE•added 2016/03/09 11:59 a.m.•63 views

CVE-2016-0057

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not properly sign an unspecified binary file, which allows local users to gain privileges via a Trojan horse file with a crafted signature, aka "Microsoft Office Security Feature Bypass Vulnerability."

7.8CVSS7.4AI score0.0087EPSS

CVE•added 2016/12/20 6:59 a.m.•63 views

CVE-2016-7276

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure...

7.1CVSS6.7AI score0.11255EPSS

CVE•added 2015/04/14 8:59 p.m.•62 views

CVE-2015-1649

Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office doc...

9.3CVSS7.5AI score0.55659EPSS

CVE•added 2015/07/14 9:59 p.m.•62 views

CVE-2015-2379

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vul...

9.3CVSS7.8AI score0.31321EPSS

CVE•added 2014/05/14 11:13 a.m.•61 views

CVE-2014-1809

The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka "MSCOMCTL ASLR Vulnerability."

6.8CVSS8.2AI score0.12935EPSS

CVE•added 2016/02/10 11:59 a.m.•61 views

CVE-2016-0056

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.7AI score0.24713EPSS

CVE•added 2016/09/14 10:59 a.m.•61 views

CVE-2016-0141

The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive information via unspecified vectors, aka "Microsoft Information Disclosure Vulnerability."

6.5CVSS6.1AI score0.0771EPSS

CVE•added 2016/12/20 6:59 a.m.•61 views

CVE-2016-7298

Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS8AI score0.1833EPSS

CVE•added 2018/07/11 12:29 a.m.•60 views

CVE-2018-8310

A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office.

7.5CVSS7.2AI score0.07474EPSS

CVE•added 2010/11/10 3:0 a.m.•59 views

CVE-2010-3335

Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exceptio...

9.3CVSS7.4AI score0.69003EPSS

CVE•added 2015/02/11 3:1 a.m.•59 views

CVE-2015-0064

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Offi...

9.3CVSS8AI score0.66307EPSS

CVE•added 2016/01/13 5:59 a.m.•59 views

CVE-2016-0010

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, Excel 2016 for Mac, PowerPoint 2016 for Mac, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafte...

9.3CVSS7.7AI score0.59618EPSS

CVE•added 2016/02/10 11:59 a.m.•59 views

CVE-2016-0053

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute ...

9.3CVSS7.6AI score0.22765EPSS

CVE•added 2015/12/09 11:59 a.m.•58 views

CVE-2015-6106

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graph...

9.3CVSS7.5AI score0.44785EPSS

CVE•added 2014/12/11 12:59 a.m.•57 views

CVE-2014-6357

Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 Gold and SP1, Office 2013 RT Gold and SP1, Office for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 Gold and SP1, and Office Web Apps 2010 SP2 and 2013 Gold...

9.3CVSS8.8AI score0.55659EPSS

CVE•added 2015/08/15 12:59 a.m.•57 views

CVE-2015-2466

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted template, aka "Microsoft Office Remote Code Execution Vulnerability."

9.3CVSS8.1AI score0.39116EPSS

CVE•added 2011/09/15 12:26 p.m.•56 views

CVE-2011-1982

Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."

9.3CVSS7.5AI score0.58519EPSS

CVE•added 2015/07/14 9:59 p.m.•56 views

CVE-2015-2380

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, and Word 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.8AI score0.31321EPSS

CVE•added 2013/10/09 2:53 p.m.•55 views

CVE-2013-3889

Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrar...

9.3CVSS7.4AI score0.5514EPSS

CVE•added 2015/12/09 11:59 a.m.•55 views

CVE-2015-6124

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.34197EPSS

CVE•added 2010/11/10 3:0 a.m.•54 views

CVE-2010-3337

Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.

9.3CVSS6.2AI score0.46382EPSS

CVE•added 2011/09/15 12:26 p.m.•54 views

CVE-2011-1989

Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2...

9.3CVSS7.5AI score0.59677EPSS

CVE•added 2014/05/14 11:13 a.m.•54 views

CVE-2014-1756

Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1, when the Simplified Chinese Proofing Tool is enabled, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory...

9.3CVSS8.2AI score0.25075EPSS

CVE•added 2015/03/11 10:59 a.m.•54 views

CVE-2015-0086

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold and SP1, Word 2013 RT Gold and SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2,...

9.3CVSS7.6AI score0.27375EPSS

CVE•added 2015/08/15 12:59 a.m.•54 views

CVE-2015-2469

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office for Mac 2011 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.66829EPSS

CVE•added 2010/11/10 3:0 a.m.•53 views

CVE-2010-3334

Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp...

9.3CVSS7.6AI score0.65803EPSS

Total number of security vulnerabilities258