5 matches found
CVE-2020-0760
CVE-2020-0760 is a remote code execution vulnerability affecting Microsoft Office products (Word/Excel/PowerPoint/Visio) via improper loading of arbitrary type libraries. The root cause is how Office loads type libraries, which could allow an attacker to execute arbitrary code in the context of t...
CVE-2019-1264
Summary (CVE-2019-1264) : A security feature bypass in Microsoft Office arises from improper handling of input within Office components. Connected sources confirm this as a Microsoft Office input-handling vulnerability that can allow an attacker to execute arbitrary commands when a user opens a s...
CVE-2015-2503
CVE-2015-2503 is an Office Elevation of Privilege vulnerability that can be triggered via a crafted web site loaded in Internet Explorer to bypass sandbox protections and gain privileges. The initial CVE entry lists Microsoft Office 2007–2016 products (Word, Excel, PowerPoint, Access, InfoPath, V...
CVE-2020-1322
Microsoft Project information disclosure vulnerability (CVE-2020-1322) stems from an uninitialized variable causing out-of-bounds memory reads. Affected products seen in connected docs include Project 2013 and Project 2016. Microsoft released security updates on June 9, 2020 (KB4484369 for Projec...
CVE-2018-8575
CVE-2018-8575 is a remote code execution vulnerability in Microsoft Project family products (Microsoft Project, Office 365 ProPlus, Microsoft Project Server) arising when the program fails to properly handle objects in memory. The open-source and vulnerability feeds in the connected documents cor...