Lucene search

K
MicrosoftProject

32 matches found

CVE
CVE
added 2024/08/13 6:15 p.m.235 views

CVE-2024-38189

Microsoft Project Remote Code Execution Vulnerability

8.8CVSS8.9AI score0.38016EPSS
CVE
CVE
added 2020/04/15 3:15 p.m.166 views

CVE-2020-0760

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.

8.8CVSS8.5AI score0.34566EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.133 views

CVE-2009-2528

GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."

9.3CVSS7.2AI score0.43234EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.119 views

CVE-2009-2500

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office ...

9.3CVSS7.9AI score0.54154EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.119 views

CVE-2009-3126

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office ...

9.3CVSS9.7AI score0.48214EPSS
CVE
CVE
added 2004/09/28 4:0 a.m.112 views

CVE-2004-0200

Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy oper...

9.3CVSS7.6AI score0.75514EPSS
CVE
CVE
added 2020/07/14 11:15 p.m.108 views

CVE-2020-1449

A remote code execution vulnerability exists in Microsoft Project software when the software fails to check the source markup of a file, aka 'Microsoft Project Remote Code Execution Vulnerability'.

9.3CVSS7.9AI score0.14767EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.105 views

CVE-2009-2501

Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP...

9.3CVSS9.7AI score0.42403EPSS
CVE
CVE
added 2019/09/11 10:15 p.m.105 views

CVE-2019-1264

A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'.

7.8CVSS7.5AI score0.07973EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.97 views

CVE-2009-2502

Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office E...

9.3CVSS9.7AI score0.42434EPSS
CVE
CVE
added 2020/06/09 8:15 p.m.88 views

CVE-2020-1322

An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'.

6.5CVSS5.9AI score0.25134EPSS
CVE
CVE
added 2015/11/11 11:59 a.m.85 views

CVE-2015-2503

Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Projec...

9.3CVSS6.8AI score0.20241EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.83 views

CVE-2009-2503

GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Of...

9.3CVSS9.6AI score0.41156EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.81 views

CVE-2009-2504

Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project...

9.3CVSS9.7AI score0.46054EPSS
CVE
CVE
added 2006/10/10 10:7 p.m.72 views

CVE-2006-3877

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-20...

9.3CVSS7.1AI score0.55161EPSS
CVE
CVE
added 2008/12/10 2:0 p.m.72 views

CVE-2008-4254

Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll m...

8.5CVSS7.5AI score0.55037EPSS
CVE
CVE
added 2018/11/14 1:29 a.m.72 views

CVE-2018-8575

A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka "Microsoft Project Remote Code Execution Vulnerability." This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server.

9.3CVSS8AI score0.20332EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.69 views

CVE-2004-0848

Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.

7.5CVSS7.8AI score0.42122EPSS
CVE
CVE
added 2008/12/10 2:0 p.m.69 views

CVE-2008-4256

The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted H...

8.5CVSS7.3AI score0.57462EPSS
CVE
CVE
added 2005/08/19 4:0 a.m.64 views

CVE-2005-2127

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demo...

7.5CVSS7.8AI score0.42713EPSS
CVE
CVE
added 2007/02/03 1:28 a.m.61 views

CVE-2007-0671

Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.

9.3CVSS7.5AI score0.62106EPSS
CVE
CVE
added 2003/10/20 4:0 a.m.58 views

CVE-2003-0347

Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.

10CVSS8AI score0.70456EPSS
CVE
CVE
added 2008/12/10 2:0 p.m.58 views

CVE-2008-4255

Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote ...

9.3CVSS7.7AI score0.53439EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.57 views

CVE-1999-0384

The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.

4.6CVSS6.8AI score0.00272EPSS
CVE
CVE
added 2006/10/10 10:7 p.m.57 views

CVE-2006-3864

Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "...

9.3CVSS7.2AI score0.54494EPSS
CVE
CVE
added 2008/12/10 2:0 p.m.54 views

CVE-2008-4253

The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via...

8.5CVSS7.3AI score0.57462EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.51 views

CVE-2000-0419

The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.

7.5CVSS6.7AI score0.10948EPSS
CVE
CVE
added 2008/12/10 2:0 p.m.48 views

CVE-2008-4252

The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of th...

8.5CVSS7.3AI score0.57462EPSS
CVE
CVE
added 2008/04/08 11:5 p.m.40 views

CVE-2008-1088

Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."

9.3CVSS7.4AI score0.56734EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.33 views

CVE-2002-0860

The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.

5CVSS6.6AI score0.24972EPSS
CVE
CVE
added 2002/09/24 4:0 a.m.33 views

CVE-2002-0861

Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.

7.5CVSS7.1AI score0.06153EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.30 views

CVE-2002-0727

The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.

7.5CVSS8AI score0.1013EPSS