257 matches found
CVE-2018-0802
CVE-2018-0802 is a Microsoft Office memory corruption/remote code execution vulnerability in the Equation Editor, triggered by crafted OLE/embedded objects in Office documents. Affected products include Office 2007, 2010, 2013, and 2016; the issue arises from the way Office handles in-memory obje...
CVE-2018-0798
The CVE-2018-0798 entry concerns a memory corruption vulnerability in Microsoft Office (Word/Equation Editor) across Office 2007–2016. The root cause is how certain objects are handled in memory, enabling remote code execution when a specially crafted file is opened. Connected documents indicate ...
CVE-2015-1641
CVE-2015-1641 is a Microsoft Office memory-corruption vulnerability triggered by crafted RTF documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoin...
CVE-2019-0585
CVE-2019-0585 is a remote code execution vulnerability in Microsoft Word/Office products caused by improper handling of objects in memory. Exploitation could occur via specially crafted Word files, potentially in contexts like email/preview panes, with the attacker gaining the same user rights as...
CVE-2014-1761
CVE-2014-1761 is a memory-corruption vulnerability in Microsoft Word triggered by crafted RTF data, allowing remote code execution or memory-corruption denial of service. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, 2013 and 2013 RT, Word Viewer, Office Compatibility Pack SP3,...
CVE-2012-2539
CVE-2012-2539 is Microsoft Word remote code execution vulnerability caused by parsing crafted RTF data (Word RTF 'listoverridecount'). It affects Word 2003 SP3, 2007 SP2/SP3, 2010 SP1; Word Viewer; Office Compatibility Pack SP2/SP3; and Office Web Apps 2010 SP1. The underlying issue is memory cor...
CVE-2016-7193
Summary of CVE-2016-7193 : A memory corruption flaw in Microsoft Office’s handling of RTF documents allows remote code execution on affected Office products (Word 2007 SP2, Office 2010 SP2, Word 2013/2016, Word for Mac variants, Office Web Apps Server, etc.). The root cause is a vulnerability in ...
CVE-2017-11826
CVE-2017-11826 is a remote code execution flaw in Microsoft Office family (Word, Word Viewer, Office Web Apps Server, SharePoint components, etc.) caused by improper handling of objects in memory. Affected products include Word and related Office/SharePoint servers; exploitation is possible via s...
CVE-2015-2424
CVE-2015-2424: Microsoft Office memory corruption in PowerPoint/Word components allows remote code execution or memory corruption via a crafted Office document. Affected products include PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, an...
CVE-2023-36761
CVE-2023-36761 is a Microsoft Word information disclosure vulnerability. Connected sources note exploitation in the wild and indicate NTLM relay as a possible attack outcome. Affected products include various Word/Office deployments (Microsoft Word/Office suite). The vulnerability is being tracke...
CVE-2023-21716
CVE-2023-21716 corresponds to a Microsoft Word/Office remote code execution vulnerability. A heap corruption flaw resides in Word’s wwlib when parsing RTF font tables with an excessive number of fonts in the fonttbl, causing an out-of-bounds write that can lead to arbitrary code execution when a ...
CVE-2023-36762
CVE-2023-36762 is a Microsoft Word remote code execution vulnerability. The available documents confirm an impact on Word and related Word components, with an exploit path requiring user interaction and local access (CVSS 3.1: AV=L, AC=L, PR=None, UI=Required, C/H/I/H/A=L). Public details note po...
CVE-2024-20673
CVE-2024-20673 is a Microsoft Office remote code execution vulnerability tracked across multiple office-product advisories. Public docs show high-severity risk (CVSS v3.1: 7.8), with exploitation described as a remote code execution requiring local access and user interaction in some vectors. Con...
CVE-2017-0281
CVE-2017-0281 / CVE-2017-0262 describe a remote code execution flaw in Microsoft Office and related components triggered by memory handling errors while processing specially crafted Office files (EPS in particular). Affected products include Office 2010 SP2, Office 2013 SP1, Office 2016, and broa...
CVE-2024-49033
CVE-2024-49033 – Microsoft Word Security Feature Bypass : A security feature bypass in Word (Office) that can lead to high-impact exposure. The CVSSv3.1 base score is 7.5 (Network, High difficulty, User interaction required). Microsoft has released a security update (KB5002619) for Word 2016 via ...
CVE-2024-21379
CVE-2024-21379 is a Microsoft Word remote code execution vulnerability. The entry concerns Word (notably Word 2016) and is documented with a CVSS v3.1 base score of 7.8 (High) with a local attack vector, low attack complexity, and requiring user interaction; impact is high on confidentiality, int...
CVE-2021-40486
CVE-2021-40486 is a Microsoft Word remote code execution vulnerability. It can be triggered by viewing a specially crafted Word document, with attack vectors potentially including the Preview Pane. Microsoft released a patch (KB5002004) in Oct 2021 addressing Word RCE (Word 2016 context in the KB...
CVE-2022-24511
Technical details about CVE-2022-24511 are not publicly provided in the connected documents. Monitor for updates from official advisories.
CVE-2022-26903
Technical details about CVE-2022-26903 (affected components, root cause, impact, and fixes) are not provided in the supplied documents. Monitor for updates from Microsoft and CVE databases for official disclosures and remediation information.
CVE-2023-29335
CVE-2023-29335 – Microsoft Word Security Feature Bypass Vulnerability is documented with concrete remediation in Microsoft Word updates. Affected product: Word (Office). The issue is a security feature bypass (not a traditional memory/remote-code-exec hole) and has a CVSSv3.1 base score of 7.5 (N...
CVE-2018-0797
CVE-2018-0797 affects Microsoft Word components in Office 2010/2013/2016 where remote code execution can occur through specially crafted RTF content due to memory handling. Public details show Word memory corruption vulnerability enabling code execution when opening malicious files. Microsoft rel...
CVE-2018-0812
The CVE-2018-0812 entry describes a remote code execution vulnerability in Equation Editor across Office products (Word/Office 2003, 2007, 2010, 2013, 2016) due to how objects are handled in memory. The issue affects Word/Office components when processing crafted files, enabling code execution on...
CVE-2019-1201
CVE-2019-1201 affects Microsoft Word; it is a remote code execution in Word’s memory handling when processing crafted files. Exploitation requires a user to open a specially crafted Word document, with attack vectors including email attachments (or previews in Outlook) and web-hosted files. The v...
CVE-2020-0760
CVE-2020-0760 is a remote code execution vulnerability affecting Microsoft Office products (Word/Excel/PowerPoint/Visio) via improper loading of arbitrary type libraries. The root cause is how Office loads type libraries, which could allow an attacker to execute arbitrary code in the context of t...
CVE-2021-34452
CVE-2021-34452 is a Microsoft Word remote code execution vulnerability affecting Word/Office components. Documented CVSSv3.1 score 7.8 HIGH with LOCAL attack vector, LOW complexity, NONE privileges, UI interaction required, and HIGH confidentiality/integrity/availability impacts. The vulnerabilit...
CVE-2020-1446
The CVE-2020-1446 entry describes a remote code execution vulnerability in Microsoft Word arising from improper handling of memory objects. The vulnerability affects Microsoft Word and allows an attacker to craft a file that, when opened by a user, could execute actions in the security context of...
CVE-2020-16933
Microsoft Word contains a security feature bypass (CVE-2020-16933) due to improper handling of .LNK files. An attacker can craft a .LNK file to perform actions in the current user’s security context when a user opens it (email or web delivery scenarios described). The vulnerability can lead to co...
CVE-2022-21842
CVE-2022-21842 is a Microsoft Word remote code execution vulnerability. Connected sources indicate Word-related RCE, with exploits requiring user interaction or social engineering in some contexts, and that patches exist as part of January 2022 updates (e.g., KB5002113/KB5002118 for Word/SharePoi...
CVE-2022-29107
CVE-2022-29107 is a Microsoft Office security feature bypass vulnerability reported across Office components (Word/Office C2R). Connected sources describe a vulnerability that allows bypassing security features and performing unauthorized actions, with security updates issued in May 2022 (C2R/Wor...
CVE-2020-1223
CVE-2020-1223 : A remote code execution vulnerability in Microsoft Word for Android exists when the application fails to properly handle certain files, requiring a user to open a specially crafted URL file. From multiple sources, including NVD, Red Hat, CNVD, CNVD, and Microsoft advisory, the iss...
CVE-2016-0025
CVE-2016-0025 is a memory corruption vulnerability in Microsoft Office products that allows remote code execution via a crafted Office document. Affected software includes Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Wo...
CVE-2021-28453
CVE-2021-28453 is a Microsoft Word remote code execution vulnerability. The primary sources (NVD entry for CVE-2021-28453) and connected Nessus plugins reference Word/Office products being affected by a remote code execution vulnerability tied to this CVE. Some Nessus entries list Word/Office as ...
CVE-2021-31177
CVE-2021-31177 is a Microsoft Office/Excel remote code execution vulnerability. Connected sources confirm affected products include Microsoft Office and Excel (C2R and MSI variants) with the issue originating from Office/Excel handling crafted content. Patches released May 11, 2021 (KB5001918 for...
CVE-2013-3848
CVE-2013-3848 affects Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer, allowing remote code execution or memory corruption via a crafted Off...
CVE-2021-31180
CVE-2021-31180 corresponds to a Microsoft Office Graphics remote code execution vulnerability. The NVD entry identifies it as affecting Microsoft Office Graphics, with a base CVSS 3.1 score of 7.8 (HIGH), and notes potential high impact to confidentiality, integrity, and availability upon exploit...
CVE-2021-1715
CVE-2021-1715 is a Microsoft Word Remote Code Execution vulnerability. The CVE is referenced in several January 2021 security-update advisories (Word/Office products) and appears in Nessus plugins cataloging Word and Office patches alongside related CVEs (e.g., CVE-2021-1716). The connected docum...
CVE-2012-2528
CVE-2012-2528 is a use-after-free remote code execution vulnerability in Microsoft Word and related components triggered by specially crafted RTF documents. Affected products include Word 2003 SP3, Word 2007 SP2/SP3, Word 2010 SP1, Word Viewer, Office Compatibility Pack SP2/SP3, Word Automation S...
CVE-2020-0850
CVE-2020-0850 is a Microsoft Word remote code execution vulnerability. The issue arises when Word fails to correctly handle objects in memory, enabling an attacker to craft a file that, when opened by a user, could execute code in the current user’s security context. Exploitation would require th...
CVE-2012-0183
CVE-2012-0183 affects Microsoft Word 2003 SP3, Word 2007 SP2/SP3, Word 2008/2011 for Mac, and Office Compatibility Pack SP2/SP3. The vulnerability arises in parsing crafted RTF data, causing memory corruption that can allow remote code execution or denial of service. The issue is addressed by Mic...
CVE-2017-8509
CVE-2017-8509 is an Office remote code execution vulnerability that arises when Office components mishandle objects in memory, allowing an attacker to take control of an affected system if a user opens a crafted Office file. Public details in connected documents indicate the vulnerability affects...
CVE-2004-0200
CVE-2004-0200 is a buffer-overflow vulnerability in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll). The flaw allows remote code execution when a specially crafted JPEG image is processed, with the attack vector involving JPEG data that is mis-sized during a memory copy. The vulnerability...
CVE-2018-0793
CVE-2018-0793 is a remote code execution vulnerability in Microsoft Outlook (and related Office components) triggered by parsing email messages. The OpenVAS/macOS Nessus entries confirm the issue affecting Outlook parsing and the macOS Office stack, with unrelated Word updates listed in connected...
CVE-2020-1583
CVE-2020-1583 is a Microsoft Word information-disclosure vulnerability. An attacker could craft a document to cause Word to inappropriately disclose memory contents, enabling data compromise if the memory location of created objects is known. The vulnerability is triggered by memory handling of W...
CVE-2019-1461
CVE-2019-1461 is a denial-of-service vulnerability in Microsoft Word where the program fails to properly handle objects in memory. An attacker can trigger a remote DoS by sending a specially crafted document that, when opened, crashes Word or makes the system unavailable. The vulnerability has ne...
CVE-2013-3850
CVE-2013-3850 is a memory corruption vulnerability in Microsoft Word components that allows remote code execution or a denial of service when processing a crafted Office document. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, Office Compatibility Pack SP3, and Word Viewer. Root...
CVE-2021-31178
CVE-2021-31178 is described in the connected documents as an information-disclosure vulnerability in Microsoft Office. The Nessus/OpenVAS entries reference this CVE as part of the Office May 2021 vulnerability set and note affected products (Office/Excel) and the need for security updates, listin...
CVE-2013-3856
CVE-2013-3856 affects Microsoft Word 2003 SP3 and Word Viewer. A memory corruption flaw in crafted Office documents allows remote code execution or a denial of service. Affected products are Word 2003 SP3 and Word Viewer; the vulnerability is addressed by Microsoft MS13-072 (security update). The...
CVE-2020-0980
CVE-2020-0980 is a Microsoft Word remote code execution vulnerability caused by improper handling of in-memory objects. It affects Word/Office when parsing crafted files; the impact is potential code execution in the current user context. In public docs, the vulnerability is addressed by the Offi...
CVE-2017-0254
CVE-2017-0254 concerns a remote code execution in Microsoft Office applications (Word, PowerPoint, etc.) and related components when the software fails to properly handle objects in memory. The vulnerability affects multiple Office products across Windows and macOS (e.g., Word 2007, Office 2010 S...
CVE-2025-27747
CVE-2025-27747 is a Use-After-Free vulnerability in Microsoft Word (Office) that can allow an attacker to execute arbitrary code. The CVE is documented as affecting Word with a local attack vector and high impact (execution of code, confidentiality/integrity/availability potentially impacted). Pu...