76 matches found
CVE-2010-2572
CVE-2010-2572 describes a remote code execution vulnerability in Microsoft PowerPoint 2002 SP3 and 2003 SP3 caused by an error in parsing PowerPoint 95 files (PowerPoint Parsing Buffer Overflow). The issue could allow an attacker to take complete control of an affected system by convincing a user...
CVE-2015-2424
CVE-2015-2424: Microsoft Office memory corruption in PowerPoint/Word components allows remote code execution or memory corruption via a crafted Office document. Affected products include PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, an...
CVE-2018-8628
CVE-2018-8628 is a remote code execution vulnerability affecting Microsoft PowerPoint and related Office components (Office, SharePoint, PowerPoint Viewer, etc.) caused by improper handling of objects in memory. The Nessus/OpenVAS entries confirm the vulnerability across PowerPoint and Office pro...
CVE-2024-20673
CVE-2024-20673 is a Microsoft Office remote code execution vulnerability tracked across multiple office-product advisories. Public docs show high-severity risk (CVSS v3.1: 7.8), with exploitation described as a remote code execution requiring local access and user interaction in some vectors. Con...
CVE-2022-26903
Technical details about CVE-2022-26903 (affected components, root cause, impact, and fixes) are not provided in the supplied documents. Monitor for updates from Microsoft and CVE databases for official disclosures and remediation information.
CVE-2020-0760
CVE-2020-0760 is a remote code execution vulnerability affecting Microsoft Office products (Word/Excel/PowerPoint/Visio) via improper loading of arbitrary type libraries. The root cause is how Office loads type libraries, which could allow an attacker to execute arbitrary code in the context of t...
CVE-2020-17124
CVE-2020-17124 is an Microsoft PowerPoint remote code execution vulnerability. Connected sources confirm it affects PowerPoint/Office, with December 2020 security updates released to address it. Severity is high (CVSSv3.1 base 7.8 / 9.3 from CVSS v2). No exploitation details are provided in the d...
CVE-2004-0200
CVE-2004-0200 is a buffer-overflow vulnerability in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll). The flaw allows remote code execution when a specially crafted JPEG image is processed, with the attack vector involving JPEG data that is mis-sized during a memory copy. The vulnerability...
CVE-2024-38171
CVE-2024-38171 is Microsoft PowerPoint Remote Code Execution vulnerability. The CVE entry indicates a PowerPoint RCE with a CVSSv3.1 base score of 7.8 (HIGH) and local attack vector requiring user interaction. Connected sources corroborate Windows/Office updates addressing CVE-2024-38171: a Augus...
CVE-2019-1462
CVE-2019-1462 is a remote code execution vulnerability affecting Microsoft PowerPoint/Office where memory objects are mishandled. The Red Hat advisory reiterates the same remote code execution issue, and various Nessus/OpenVAS entries tie the vulnerability to PowerPoint versions across Windows/ma...
CVE-2017-8742
Two CVEs (CVE-2017-8742 and CVE-2017-8743) describe remote code execution in Microsoft PowerPoint family and associated server/web apps due to improper handling of objects in memory. CVE-2017-8742 affects PowerPoint up to 2016, PowerPoint Viewer 2007, SharePoint Server 2013 SP1, SharePoint Enterp...
CVE-2015-2503
CVE-2015-2503 is an Office Elevation of Privilege vulnerability that can be triggered via a crafted web site loaded in Internet Explorer to bypass sandbox protections and gain privileges. The initial CVE entry lists Microsoft Office 2007–2016 products (Word, Excel, PowerPoint, Access, InfoPath, V...
CVE-2017-8743
CVE-2017-8743 affects Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server. The vulnerability arises from improper handling of objects in memory, enabling remote code execution. The CVSS details in the initial record indicate a HIGH impact with local/re...
CVE-2025-47175
Microsoft PowerPoint CVE-2025-47175 is a Use-After-Free in PowerPoint that can lead to local code execution when a user opens a crafted PPTX file. Exploit details in connected sources indicate a local attacker must persuade a victim to open the file (PoC guidance exists for PowerPoint 2019 / Offi...
CVE-2016-3279
CVE-2016-3279 is a remote code execution vulnerability in multiple Microsoft Office components (e.g., Excel, Word, PowerPoint, Word Automation Services, Office Web Apps) that can be triggered by processing a crafted XLA file. Affected products include Office 2010 SP2, 2013 SP1/RT SP1, 2016, Word ...
CVE-2021-27056
CVE-2021-27056 is a Microsoft PowerPoint remote code execution vulnerability. Public sources describe a RCE flaw in PowerPoint components that could allow an attacker to bypass authentication and execute arbitrary commands. The issue is associated with multiple Office/PowerPoint versions (includi...
CVE-2011-0655
CVE-2011-0655 affects Microsoft PowerPoint and related Office components. The vulnerability arises when PowerPoint reads an invalid TimeColorBehaviorContainer Floating Point record in a PowerPoint file, with insufficient validation allowing remote code execution or memory corruption. Affected pro...
CVE-2016-0012
CVE-2016-0012 affects Microsoft Office suite (2007–2016 and related components) and is described as a security feature/ASLR bypass vulnerability. Connected OpenVAS entries explicitly reference remote bypass vectors in Office components (PowerPoint, Visio, Word, Excel, VB runtime) and note exploit...
CVE-2010-2573
CVE-2010-2573 is a PowerPoint remote-code-execution vulnerability caused by an integer underflow while parsing PowerPoint files. Affected are Microsoft PowerPoint 2002 SP3, 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac. Microsoft’s MS10-088 security bulletin provides a patch for the vu...
CVE-2015-0085
CVE-2015-0085 is a use-after-free vulnerability in Microsoft Office components (including Office 2007/2010/2013 suites and related SharePoint/Viewer components) that enables remote code execution via a crafted Office document. The issue affects a broad set of Office applications and SharePoint-re...
CVE-2016-3360
CVE-2016-3360 affects multiple Microsoft Office components, notably PowerPoint and related Office apps. The vulnerability is a memory corruption issue in which a crafted document can cause remote code execution on the affected host. Affected products include PowerPoint 2007 SP3, 2010 SP2, 2013 SP...
CVE-2006-3877
PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877) affects multiple Office suites. A remote code execution flaw exists when PowerPoint opens a specially crafted file with malformed records, allowing an attacker to gain full control of the affected system if the user runs ...
CVE-2015-2423
CVE-2015-2423 is an “Unsafe Command Line Parameter Passing” vulnerability affecting a broad set of Windows OS versions (Vista through Windows 10) and Office apps (2007–2013) where a crafted command-line parameter to an Office app or Notepad can elevate from Low to Medium Integrity and disclose se...
CVE-2007-0671
CVE-2007-0671 is a remote-code-execution vulnerability in Microsoft Office Excel (affecting Excel 2000/XP/2003 and Mac equivalents) where a specially crafted Excel file can trigger arbitrary code execution. The vulnerability arises from improper handling/parsing of office records, enabling remote...
CVE-2015-1682
Microsoft Office Multiple Remote Code Execution Vulnerabilities (CVE-2015-1682) affect Office/SharePoint components across Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, Word/Excel/PowerPoint/SharePoint-related services, etc. Root cause: memory corruption triggered by processing a crafted...
CVE-2016-7230
CVE-2016-7230 affects Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps 2010 SP2. The root cause is memory corruption from improper handling of objects in memory, enabling remote code execution when a user opens a specially crafted Office document. Exploitation requires user a...
CVE-2009-0556
CVE-2009-0556 affects Microsoft Office PowerPoint (Windows and Mac) versions listed in the description. It is a memory corruption vulnerability triggered by a PowerPoint file containing an OutlineTextRefAtom with an invalid index, enabling remote code execution when a user opens the malicious fil...
CVE-2018-8501
CVE-2018-8501 is a remote code execution flaw in Microsoft PowerPoint/Office caused by improper handling of objects in Protected View. The vulnerability allows a remote attacker to run arbitrary code in the context of the current user, with the potential for system compromise if the user has admi...
CVE-2010-0031
CVE-2010-0031: An error in parsing the OEPlaceholderAtom record (placementId) in PowerPoint components allows remote code execution via a crafted PowerPoint file. Affected products include Microsoft Office PowerPoint 2002 SP3, 2003 SP3, and PowerPoint in Office 2004 for Mac. The vulnerability ste...
CVE-2024-39804
CVE-2024-39804 concerns Microsoft PowerPoint 16.83 on macOS. Talos/Cisco documents describe a library-injection vulnerability enabled by libraries loaded via relative paths and the hardened runtime with the entitlement com.apple.security.cs.disable-library-validation set to true. An attacker coul...
CVE-2004-0848
CVE-2004-0848 corresponds to a buffer overflow in Microsoft Office XP that can allow remote code execution via specially crafted HTML links referencing URL file locations. Connected advisories detail that the overflow occurs in the Office process handling URL file references, enabling arbitrary c...
CVE-2017-8513
CVE-2017-8513 is a remote code execution vulnerability in Microsoft PowerPoint (Office suite) caused by improper handling of objects in memory. CVSSv3 base score 7.8 (HIGH) with local attack vector, user interaction required. MITRE/attack details are not specified in the provided documents, and e...
CVE-2010-0034
CVE-2010-0034 is a vulnerability in Microsoft PowerPoint handling of the TextCharsAtom record that enables a stack-based buffer overflow on PowerPoint 2003 SP3 and related viewers. The issue allows remote code execution when a user opens a specially crafted PowerPoint file; the vulnerable compone...
CVE-2026-44803
CVE-2026-44803 describes an integer overflow/wraparound in Windows Win32K - GRFX that can allow a local attacker to execute code. The vulnerability is identified across multiple sources (NVD, CVE listing, and MSRC update page) and is classified with a high impact: local code execution, requiring ...
CVE-2015-0097
CVE-2015-0097 is an Office Local Zone Remote Code Execution vulnerability affecting Microsoft Office 2007 SP3 and Office 2010 SP2 (Word/Excel/PowerPoint). The root cause is improper handling of crafted Office documents that are processed in the HTML context of the local machine zone, allowing an ...
CVE-2011-0976
This CVE (CVE-2011-0976) covers a remote code execution in Microsoft PowerPoint via OfficeArt Atom handling. A crafted PowerPoint file containing an invalid Office Art container could trigger access to an uninitialized object, allowing arbitrary code execution or memory corruption. Affected produ...
CVE-2002-0152
The CVE-2002-0152 entry concerns a buffer overflow in Macintosh builds of several Microsoft applications. The vulnerability is triggered by the file:// directive when a large number of slashes (/) is supplied, allowing remote attackers to crash the affected applications or potentially execute arb...
CVE-2006-3590
Microsoft PowerPoint Mso.dll Vulnerability (CVE-2006-3590) affects PowerPoint 2000–2003 where parsing a malformed shape container in a PPT file can lead to remote code execution. The underlying issue is memory corruption when PowerPoint processes a specially crafted file, potentially via email at...
CVE-2018-8376
CVE-2018-8376 is a remote code execution vulnerability in Microsoft PowerPoint caused by improper handling of objects in memory. The flaw allows an attacker to execute arbitrary code when a user opens a specially crafted PowerPoint file or, in some scenarios, via web/email vectors. Exploitation r...
CVE-2011-1269
CVE-2011-1269 affects Microsoft PowerPoint and related Office components on Windows and Mac (PowerPoint 2002/2003/2007; Office for Mac 2004/2008; Open XML Converter for Mac; Office Compatibility Pack). The root cause is unspecified function calls during file parsing that mishandle memory, leading...
CVE-2011-1270
CVE-2011-1270 is a concrete PowerPoint remote code execution vulnerability. Affected products: Microsoft PowerPoint 2002 SP3 and 2003 SP3. The issue is a buffer/memory corruption during parsing of PowerPoint files, specifically involving the RecolorInfo Atom, which can be triggered by crafting a ...
CVE-2010-0033
The CVE-2010-0033 entry maps to a stack-based buffer overflow in Microsoft PowerPoint Viewer (TextBytesAtom records) affecting PowerPoint Viewer with Office 2003 SP3 and earlier (and Office 2004 for Mac). The vulnerability allows remote code execution via a crafted PowerPoint document; multiple s...
CVE-2009-0224
CVE-2009-0224 is a Memory Corruption Vulnerability in Microsoft PowerPoint. It affects PowerPoint and related components across Windows and Mac platforms (PowerPoint 2000/2002/2003/2007; PowerPoint Viewer 2003/2007; PowerPoint on Mac 2004/2008; Open XML Converter for Mac; Microsoft Works 8.5/9.0;...
CVE-2006-0022
CVE-2006-0022 describes a remote code execution vulnerability in Microsoft PowerPoint across multiple Office versions (2000 SP3, XP SP3, 2003 SP1/SP2, 2004 for Mac, and PowerPoint v. X for Mac) triggered by opening a PowerPoint document containing a malformed record. The root cause is memory corr...
CVE-2011-0656
Microsoft Office PowerPoint vulnerability CVE-2011-0656 arises from improper validation of PersistDirectoryEntry records in PowerPoint documents. A Slide containing a malformed record can trigger an exception and subsequent use of a malformed object, enabling remote code execution or memory corru...
CVE-2006-3449
CVE-2006-3449 describes a remote code execution in Microsoft PowerPoint 2000–2003 caused by parsing a malformed BIFF record in a PPT file. The vulnerability can be triggered when a user opens a crafted PPT document, potentially allowing attacker-controlled code execution in the user’s context (us...
CVE-2010-0032
CVE-2010-0032 is a use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 triggered by parsing OEPlaceholderAtom records in a crafted PowerPoint file, allowing remote code execution. Public advisories (MS10-004) and vendor patches address the flaw; affected products inc...
CVE-2010-0029
CVE-2010-0029 is a remote-code-execution vulnerability in Microsoft Office PowerPoint 2002 SP3 caused by a buffer/stack overflow when parsing crafted PowerPoint files (PowerPoint File Path Handling Buffer Overflow). The connected reports confirm this is part of a family of PowerPoint vulnerabilit...
CVE-2011-3413
CVE-2011-3413 affects Microsoft Office products including PowerPoint 2007 SP2, Office 2008 for Mac, Office Compatibility Pack SP2, and PowerPoint Viewer 2007 SP2. The root cause is improper handling of OfficeArt shape records in PowerPoint documents, leading to memory corruption that can enable r...
CVE-2008-3068
Microsoft Crypto API 5.131.2600.2180 through 6.0 (used in Outlook, Windows Live Mail, and Office 2007) performs CRL checks by using an arbitrary URL from a certificate embedded in an S/MIME email or a signed document via the Authority Information Access (AIA) extension. This allows remote attacke...