Word Security Vulnerabilities and Issues — Word CVE List

Lucene search

MicrosoftWord

232 matches found

CVE•added 2018/01/10 1:29 a.m.•2248 views

CVE-2018-0802

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 a...

9.3CVSS8.5AI score0.94103EPSS

CVE•added 2018/01/10 1:29 a.m.•1241 views

CVE-2018-0798

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".

9.3CVSS8.8AI score0.9418EPSS

CVE•added 2015/04/14 8:59 p.m.•1154 views

CVE-2015-1641

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitra...

9.3CVSS9.4AI score0.9353EPSS

CVE•added 2019/01/08 9:29 p.m.•1134 views

CVE-2019-0585

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsof...

9.3CVSS8.3AI score0.32912EPSS

CVE•added 2014/03/25 1:24 p.m.•996 views

CVE-2014-1761

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers ...

9.3CVSS9.3AI score0.92827EPSS

CVE•added 2012/12/12 12:55 a.m.•944 views

CVE-2012-2539

Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote ...

9.3CVSS8.2AI score0.81896EPSS

CVE•added 2015/07/14 9:59 p.m.•916 views

CVE-2015-2424

Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Mem...

9.3CVSS9.3AI score0.76606EPSS

CVE•added 2017/10/13 1:29 p.m.•914 views

CVE-2017-11826

Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly h...

9.3CVSS7.9AI score0.89654EPSS

CVE•added 2016/10/14 2:59 a.m.•906 views

CVE-2016-7193

Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 201...

9.3CVSS7.8AI score0.78411EPSS

CVE•added 2023/09/12 5:15 p.m.•756 views

CVE-2023-36761

Microsoft Word Information Disclosure Vulnerability

6.5CVSS6AI score0.0371EPSS

CVE•added 2023/02/14 8:15 p.m.•575 views

CVE-2023-21716

Microsoft Word Remote Code Execution Vulnerability

9.8CVSS9.6AI score0.91212EPSS

CVE•added 2023/09/12 5:15 p.m.•537 views

CVE-2023-36762

Microsoft Word Remote Code Execution Vulnerability

7.3CVSS7.3AI score0.00128EPSS

CVE•added 2024/02/13 6:15 p.m.•349 views

CVE-2024-20673

Microsoft Office Remote Code Execution Vulnerability

7.8CVSS7.7AI score0.00408EPSS

CVE•added 2024/11/12 6:15 p.m.•261 views

CVE-2024-49033

Microsoft Word Security Feature Bypass Vulnerability

7.5CVSS7.4AI score0.03753EPSS

CVE•added 2017/05/12 2:29 p.m.•238 views

CVE-2017-0281

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Serve...

9.3CVSS8.1AI score0.92255EPSS

CVE•added 2024/02/13 6:15 p.m.•232 views

CVE-2024-21379

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00411EPSS

CVE•added 2022/03/09 5:15 p.m.•216 views

CVE-2022-24511

Microsoft Office Word Tampering Vulnerability

5.5CVSS5.6AI score0.00689EPSS

CVE•added 2022/04/15 7:15 p.m.•208 views

CVE-2022-26903

Windows Graphics Component Remote Code Execution Vulnerability

9.3CVSS8.8AI score0.01609EPSS

CVE•added 2023/05/09 6:15 p.m.•193 views

CVE-2023-29335

Microsoft Word Security Feature Bypass Vulnerability

7.5CVSS7.4AI score0.00434EPSS

CVE•added 2021/07/16 9:15 p.m.•191 views

CVE-2021-34452

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.0082EPSS

CVE•added 2021/10/13 1:15 a.m.•185 views

CVE-2021-40486

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.7AI score0.02746EPSS

CVE•added 2020/07/14 11:15 p.m.•179 views

CVE-2020-1446

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448.

8.8CVSS8.8AI score0.43263EPSS

CVE•added 2020/10/16 11:15 p.m.•175 views

CVE-2020-16933

<p>A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file...

8.8CVSS6.6AI score0.0284EPSS

CVE•added 2018/01/10 1:29 a.m.•166 views

CVE-2018-0797

Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability".

9.3CVSS8.2AI score0.44732EPSS

CVE•added 2020/04/15 3:15 p.m.•166 views

CVE-2020-0760

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.

8.8CVSS8.5AI score0.34566EPSS

CVE•added 2020/06/09 8:15 p.m.•156 views

CVE-2020-1223

A remote code execution vulnerability exists when Microsoft Word for Android fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file.The update addresses the vulnerability by correcting how Microsoft Word fo...

8.8CVSS8.5AI score0.36771EPSS

CVE•added 2019/08/14 9:15 p.m.•155 views

CVE-2019-1201

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then...

9.3CVSS7.8AI score0.12398EPSS

CVE•added 2022/05/10 9:15 p.m.•155 views

CVE-2022-29107

Microsoft Office Security Feature Bypass Vulnerability

5.5CVSS5.6AI score0.02947EPSS

CVE•added 2021/05/11 7:15 p.m.•153 views

CVE-2021-31177

Microsoft Office Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.03529EPSS

CVE•added 2018/01/10 1:29 a.m.•152 views

CVE-2018-0812

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Memory Corruption Vulnerability".

9.3CVSS8.2AI score0.38537EPSS

CVE•added 2023/08/08 6:15 p.m.•150 views

CVE-2023-36895

Microsoft Outlook Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00564EPSS

CVE•added 2022/01/11 9:15 p.m.•148 views

CVE-2022-21842

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.01897EPSS

CVE•added 2013/09/11 2:3 p.m.•146 views

CVE-2013-3848

Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corrupti...

9.3CVSS7.5AI score0.61623EPSS

CVE•added 2021/04/13 8:15 p.m.•145 views

CVE-2021-28453

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.0241EPSS

CVE•added 2016/06/16 1:59 a.m.•143 views

CVE-2016-0025

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Offi...

9.3CVSS7.2AI score0.2879EPSS

CVE•added 2021/05/11 7:15 p.m.•140 views

CVE-2021-31180

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.03334EPSS

CVE•added 2012/10/09 9:55 p.m.•139 views

CVE-2012-2528

Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF...

9.3CVSS7.5AI score0.5747EPSS

CVE•added 2012/05/09 12:55 a.m.•138 views

CVE-2012-0183

Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."

9.3CVSS7.7AI score0.62114EPSS

CVE•added 2021/01/12 8:15 p.m.•136 views

CVE-2021-1715

Microsoft Word Remote Code Execution Vulnerability

9.3CVSS7.8AI score0.0208EPSS

CVE•added 2013/09/11 2:3 p.m.•133 views

CVE-2013-3856

Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."

9.3CVSS7.6AI score0.52849EPSS

CVE•added 2020/03/12 4:15 p.m.•133 views

CVE-2020-0850

8.8CVSS7.9AI score0.33652EPSS

CVE•added 2013/09/11 2:3 p.m.•132 views

CVE-2013-3850

Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."

9.3CVSS7.6AI score0.52849EPSS

CVE•added 2020/08/17 7:15 p.m.•131 views

CVE-2020-1583

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.To exploit the vulnerability, an attacker could craft a special documen...

8.8CVSS8AI score0.18011EPSS

CVE•added 2021/05/11 7:15 p.m.•130 views

CVE-2021-31178

Microsoft Office Information Disclosure Vulnerability

5.5CVSS6.1AI score0.14912EPSS

CVE•added 2017/06/15 1:29 a.m.•128 views

CVE-2017-8509

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.

9.3CVSS7.2AI score0.36403EPSS

CVE•added 2013/10/09 2:53 p.m.•126 views

CVE-2013-3891

Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.47766EPSS

CVE•added 2018/01/10 1:29 a.m.•125 views

CVE-2018-0793

Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0791.

9.3CVSS8.3AI score0.41375EPSS

CVE•added 2013/09/11 2:3 p.m.•124 views

CVE-2013-3852

Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."

9.3CVSS7.6AI score0.52849EPSS

CVE•added 2013/09/11 2:3 p.m.•122 views

CVE-2013-3854

Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3853.

9.3CVSS7.6AI score0.52849EPSS

CVE•added 2019/05/16 7:29 p.m.•119 views

CVE-2019-0953

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.

9.3CVSS7.9AI score0.25636EPSS

Total number of security vulnerabilities232