Lucene search
K
MicrosoftWord

257 matches found

CVE
CVE
added 2018/01/10 1:0 a.m.2387 views

CVE-2018-0802

CVE-2018-0802 is a Microsoft Office memory corruption/remote code execution vulnerability in the Equation Editor, triggered by crafted OLE/embedded objects in Office documents. Affected products include Office 2007, 2010, 2013, and 2016; the issue arises from the way Office handles in-memory obje...

9.3CVSS8.5AI score0.93289EPSS
In wild
CVE
CVE
added 2018/01/10 1:0 a.m.1316 views

CVE-2018-0798

The CVE-2018-0798 entry concerns a memory corruption vulnerability in Microsoft Office (Word/Equation Editor) across Office 2007–2016. The root cause is how certain objects are handled in memory, enabling remote code execution when a specially crafted file is opened. Connected documents indicate ...

9.3CVSS8.8AI score0.95121EPSS
In wild
CVE
CVE
added 2015/04/14 8:0 p.m.1220 views

CVE-2015-1641

CVE-2015-1641 is a Microsoft Office memory-corruption vulnerability triggered by crafted RTF documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoin...

9.3CVSS9.4AI score0.97327EPSS
In wild
CVE
CVE
added 2019/01/08 9:0 p.m.1182 views

CVE-2019-0585

CVE-2019-0585 is a remote code execution vulnerability in Microsoft Word/Office products caused by improper handling of objects in memory. Exploitation could occur via specially crafted Word files, potentially in contexts like email/preview panes, with the attacker gaining the same user rights as...

9.3CVSS8.3AI score0.21967EPSS
CVE
CVE
added 2014/03/24 7:0 p.m.1062 views

CVE-2014-1761

CVE-2014-1761 is a memory-corruption vulnerability in Microsoft Word triggered by crafted RTF data, allowing remote code execution or memory-corruption denial of service. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, 2013 and 2013 RT, Word Viewer, Office Compatibility Pack SP3,...

9.3CVSS9.3AI score0.77734EPSS
In wild
CVE
CVE
added 2012/12/12 12:0 a.m.997 views

CVE-2012-2539

CVE-2012-2539 is Microsoft Word remote code execution vulnerability caused by parsing crafted RTF data (Word RTF 'listoverridecount'). It affects Word 2003 SP3, 2007 SP2/SP3, 2010 SP1; Word Viewer; Office Compatibility Pack SP2/SP3; and Office Web Apps 2010 SP1. The underlying issue is memory cor...

9.3CVSS8.2AI score0.53159EPSS
In wild
CVE
CVE
added 2016/10/14 1:0 a.m.955 views

CVE-2016-7193

Summary of CVE-2016-7193 : A memory corruption flaw in Microsoft Office’s handling of RTF documents allows remote code execution on affected Office products (Word 2007 SP2, Office 2010 SP2, Word 2013/2016, Word for Mac variants, Office Web Apps Server, etc.). The root cause is a vulnerability in ...

9.3CVSS7.8AI score0.57705EPSS
In wild
CVE
CVE
added 2017/10/13 1:0 p.m.937 views

CVE-2017-11826

CVE-2017-11826 is a remote code execution flaw in Microsoft Office family (Word, Word Viewer, Office Web Apps Server, SharePoint components, etc.) caused by improper handling of objects in memory. Affected products include Word and related Office/SharePoint servers; exploitation is possible via s...

9.3CVSS7.9AI score0.81627EPSS
In wild
CVE
CVE
added 2015/07/14 9:0 p.m.936 views

CVE-2015-2424

CVE-2015-2424: Microsoft Office memory corruption in PowerPoint/Word components allows remote code execution or memory corruption via a crafted Office document. Affected products include PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, an...

9.3CVSS9.3AI score0.38497EPSS
In wild
CVE
CVE
added 2023/09/12 4:58 p.m.811 views

CVE-2023-36761

CVE-2023-36761 is a Microsoft Word information disclosure vulnerability. Connected sources note exploitation in the wild and indicate NTLM relay as a possible attack outcome. Affected products include various Word/Office deployments (Microsoft Word/Office suite). The vulnerability is being tracke...

6.5CVSS6AI score0.18959EPSS
In wild
CVE
CVE
added 2023/02/14 7:33 p.m.686 views

CVE-2023-21716

CVE-2023-21716 corresponds to a Microsoft Word/Office remote code execution vulnerability. A heap corruption flaw resides in Word’s wwlib when parsing RTF font tables with an excessive number of fonts in the fonttbl, causing an out-of-bounds write that can lead to arbitrary code execution when a ...

9.8CVSS9.6AI score0.82302EPSS
In wild
CVE
CVE
added 2023/09/12 4:58 p.m.570 views

CVE-2023-36762

CVE-2023-36762 is a Microsoft Word remote code execution vulnerability. The available documents confirm an impact on Word and related Word components, with an exploit path requiring user interaction and local access (CVSS 3.1: AV=L, AC=L, PR=None, UI=Required, C/H/I/H/A=L). Public details note po...

7.3CVSS7.3AI score0.01017EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.382 views

CVE-2024-20673

CVE-2024-20673 is a Microsoft Office remote code execution vulnerability tracked across multiple office-product advisories. Public docs show high-severity risk (CVSS v3.1: 7.8), with exploitation described as a remote code execution requiring local access and user interaction in some vectors. Con...

7.8CVSS7.7AI score0.01177EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.307 views

CVE-2017-0281

CVE-2017-0281 / CVE-2017-0262 describe a remote code execution flaw in Microsoft Office and related components triggered by memory handling errors while processing specially crafted Office files (EPS in particular). Affected products include Office 2010 SP2, Office 2013 SP1, Office 2016, and broa...

9.3CVSS8.1AI score0.80734EPSS
In wild
CVE
CVE
added 2024/11/12 5:54 p.m.285 views

CVE-2024-49033

CVE-2024-49033 – Microsoft Word Security Feature Bypass : A security feature bypass in Word (Office) that can lead to high-impact exposure. The CVSSv3.1 base score is 7.5 (Network, High difficulty, User interaction required). Microsoft has released a security update (KB5002619) for Word 2016 via ...

7.5CVSS7.4AI score0.02072EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.248 views

CVE-2024-21379

CVE-2024-21379 is a Microsoft Word remote code execution vulnerability. The entry concerns Word (notably Word 2016) and is documented with a CVSS v3.1 base score of 7.8 (High) with a local attack vector, low attack complexity, and requiring user interaction; impact is high on confidentiality, int...

7.8CVSS7.8AI score0.01719EPSS
CVE
CVE
added 2021/10/13 12:27 a.m.236 views

CVE-2021-40486

CVE-2021-40486 is a Microsoft Word remote code execution vulnerability. It can be triggered by viewing a specially crafted Word document, with attack vectors potentially including the Preview Pane. Microsoft released a patch (KB5002004) in Oct 2021 addressing Word RCE (Word 2016 context in the KB...

7.8CVSS7.7AI score0.05692EPSS
CVE
CVE
added 2022/03/09 5:8 p.m.234 views

CVE-2022-24511

Technical details about CVE-2022-24511 are not publicly provided in the connected documents. Monitor for updates from official advisories.

5.5CVSS5.6AI score0.00999EPSS
CVE
CVE
added 2022/04/15 7:5 p.m.225 views

CVE-2022-26903

Technical details about CVE-2022-26903 (affected components, root cause, impact, and fixes) are not provided in the supplied documents. Monitor for updates from Microsoft and CVE databases for official disclosures and remediation information.

9.3CVSS8.8AI score0.02516EPSS
CVE
CVE
added 2023/05/09 5:3 p.m.215 views

CVE-2023-29335

CVE-2023-29335 – Microsoft Word Security Feature Bypass Vulnerability is documented with concrete remediation in Microsoft Word updates. Affected product: Word (Office). The issue is a security feature bypass (not a traditional memory/remote-code-exec hole) and has a CVSSv3.1 base score of 7.5 (N...

7.5CVSS7.4AI score0.01164EPSS
CVE
CVE
added 2018/01/10 1:0 a.m.213 views

CVE-2018-0797

CVE-2018-0797 affects Microsoft Word components in Office 2010/2013/2016 where remote code execution can occur through specially crafted RTF content due to memory handling. Public details show Word memory corruption vulnerability enabling code execution when opening malicious files. Microsoft rel...

9.3CVSS8.2AI score0.24764EPSS
In wild
CVE
CVE
added 2018/01/10 1:0 a.m.206 views

CVE-2018-0812

The CVE-2018-0812 entry describes a remote code execution vulnerability in Equation Editor across Office products (Word/Office 2003, 2007, 2010, 2013, 2016) due to how objects are handled in memory. The issue affects Word/Office components when processing crafted files, enabling code execution on...

9.3CVSS8.2AI score0.23877EPSS
In wild
CVE
CVE
added 2019/08/14 8:55 p.m.204 views

CVE-2019-1201

CVE-2019-1201 affects Microsoft Word; it is a remote code execution in Word’s memory handling when processing crafted files. Exploitation requires a user to open a specially crafted Word document, with attack vectors including email attachments (or previews in Outlook) and web-hosted files. The v...

9.3CVSS8AI score0.0486EPSS
CVE
CVE
added 2020/04/15 3:12 p.m.204 views

CVE-2020-0760

CVE-2020-0760 is a remote code execution vulnerability affecting Microsoft Office products (Word/Excel/PowerPoint/Visio) via improper loading of arbitrary type libraries. The root cause is how Office loads type libraries, which could allow an attacker to execute arbitrary code in the context of t...

8.8CVSS8.5AI score0.0861EPSS
CVE
CVE
added 2021/07/16 8:19 p.m.203 views

CVE-2021-34452

CVE-2021-34452 is a Microsoft Word remote code execution vulnerability affecting Word/Office components. Documented CVSSv3.1 score 7.8 HIGH with LOCAL attack vector, LOW complexity, NONE privileges, UI interaction required, and HIGH confidentiality/integrity/availability impacts. The vulnerabilit...

7.8CVSS7.8AI score0.02037EPSS
CVE
CVE
added 2020/07/14 10:54 p.m.201 views

CVE-2020-1446

The CVE-2020-1446 entry describes a remote code execution vulnerability in Microsoft Word arising from improper handling of memory objects. The vulnerability affects Microsoft Word and allows an attacker to craft a file that, when opened by a user, could execute actions in the security context of...

8.8CVSS8.8AI score0.11278EPSS
CVE
CVE
added 2020/10/16 10:17 p.m.194 views

CVE-2020-16933

Microsoft Word contains a security feature bypass (CVE-2020-16933) due to improper handling of .LNK files. An attacker can craft a .LNK file to perform actions in the current user’s security context when a user opens it (email or web delivery scenarios described). The vulnerability can lead to co...

8.8CVSS6.9AI score0.02534EPSS
CVE
CVE
added 2022/01/11 8:22 p.m.180 views

CVE-2022-21842

CVE-2022-21842 is a Microsoft Word remote code execution vulnerability. Connected sources indicate Word-related RCE, with exploits requiring user interaction or social engineering in some contexts, and that patches exist as part of January 2022 updates (e.g., KB5002113/KB5002118 for Word/SharePoi...

7.8CVSS7.8AI score0.02271EPSS
CVE
CVE
added 2022/05/10 8:34 p.m.179 views

CVE-2022-29107

CVE-2022-29107 is a Microsoft Office security feature bypass vulnerability reported across Office components (Word/Office C2R). Connected sources describe a vulnerability that allows bypassing security features and performing unauthorized actions, with security updates issued in May 2022 (C2R/Wor...

5.5CVSS5.6AI score0.02686EPSS
CVE
CVE
added 2020/06/09 7:43 p.m.176 views

CVE-2020-1223

CVE-2020-1223 : A remote code execution vulnerability in Microsoft Word for Android exists when the application fails to properly handle certain files, requiring a user to open a specially crafted URL file. From multiple sources, including NVD, Red Hat, CNVD, CNVD, and Microsoft advisory, the iss...

8.8CVSS8.5AI score0.08045EPSS
CVE
CVE
added 2016/06/16 1:0 a.m.173 views

CVE-2016-0025

CVE-2016-0025 is a memory corruption vulnerability in Microsoft Office products that allows remote code execution via a crafted Office document. Affected software includes Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Wo...

9.3CVSS7.2AI score0.16722EPSS
CVE
CVE
added 2021/04/13 7:33 p.m.172 views

CVE-2021-28453

CVE-2021-28453 is a Microsoft Word remote code execution vulnerability. The primary sources (NVD entry for CVE-2021-28453) and connected Nessus plugins reference Word/Office products being affected by a remote code execution vulnerability tied to this CVE. Some Nessus entries list Word/Office as ...

7.8CVSS7.8AI score0.04068EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.170 views

CVE-2021-31177

CVE-2021-31177 is a Microsoft Office/Excel remote code execution vulnerability. Connected sources confirm affected products include Microsoft Office and Excel (C2R and MSI variants) with the issue originating from Office/Excel handling crafted content. Patches released May 11, 2021 (KB5001918 for...

7.8CVSS7.8AI score0.03073EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.163 views

CVE-2013-3848

CVE-2013-3848 affects Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer, allowing remote code execution or memory corruption via a crafted Off...

9.3CVSS7.5AI score0.21139EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.161 views

CVE-2021-31180

CVE-2021-31180 corresponds to a Microsoft Office Graphics remote code execution vulnerability. The NVD entry identifies it as affecting Microsoft Office Graphics, with a base CVSS 3.1 score of 7.8 (HIGH), and notes potential high impact to confidentiality, integrity, and availability upon exploit...

7.8CVSS7.8AI score0.02343EPSS
CVE
CVE
added 2021/01/12 7:42 p.m.158 views

CVE-2021-1715

CVE-2021-1715 is a Microsoft Word Remote Code Execution vulnerability. The CVE is referenced in several January 2021 security-update advisories (Word/Office products) and appears in Nessus plugins cataloging Word and Office patches alongside related CVEs (e.g., CVE-2021-1716). The connected docum...

9.3CVSS7.8AI score0.03614EPSS
CVE
CVE
added 2012/10/09 9:0 p.m.156 views

CVE-2012-2528

CVE-2012-2528 is a use-after-free remote code execution vulnerability in Microsoft Word and related components triggered by specially crafted RTF documents. Affected products include Word 2003 SP3, Word 2007 SP2/SP3, Word 2010 SP1, Word Viewer, Office Compatibility Pack SP2/SP3, Word Automation S...

9.3CVSS7.5AI score0.22117EPSS
CVE
CVE
added 2020/03/12 3:48 p.m.156 views

CVE-2020-0850

CVE-2020-0850 is a Microsoft Word remote code execution vulnerability. The issue arises when Word fails to correctly handle objects in memory, enabling an attacker to craft a file that, when opened by a user, could execute code in the current user’s security context. Exploitation would require th...

8.8CVSS7.9AI score0.0861EPSS
CVE
CVE
added 2012/05/09 12:0 a.m.154 views

CVE-2012-0183

CVE-2012-0183 affects Microsoft Word 2003 SP3, Word 2007 SP2/SP3, Word 2008/2011 for Mac, and Office Compatibility Pack SP2/SP3. The vulnerability arises in parsing crafted RTF data, causing memory corruption that can allow remote code execution or denial of service. The issue is addressed by Mic...

9.3CVSS7.7AI score0.24412EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.153 views

CVE-2017-8509

CVE-2017-8509 is an Office remote code execution vulnerability that arises when Office components mishandle objects in memory, allowing an attacker to take control of an affected system if a user opens a crafted Office file. Public details in connected documents indicate the vulnerability affects...

9.3CVSS7.2AI score0.18238EPSS
CVE
CVE
added 2004/09/17 4:0 a.m.149 views

CVE-2004-0200

CVE-2004-0200 is a buffer-overflow vulnerability in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll). The flaw allows remote code execution when a specially crafted JPEG image is processed, with the attack vector involving JPEG data that is mis-sized during a memory copy. The vulnerability...

9.3CVSS7.6AI score0.49024EPSS
CVE
CVE
added 2018/01/10 1:0 a.m.149 views

CVE-2018-0793

CVE-2018-0793 is a remote code execution vulnerability in Microsoft Outlook (and related Office components) triggered by parsing email messages. The OpenVAS/macOS Nessus entries confirm the issue affecting Outlook parsing and the macOS Office stack, with unrelated Word updates listed in connected...

9.3CVSS8.3AI score0.2057EPSS
CVE
CVE
added 2020/08/17 7:13 p.m.149 views

CVE-2020-1583

CVE-2020-1583 is a Microsoft Word information-disclosure vulnerability. An attacker could craft a document to cause Word to inappropriately disclose memory contents, enabling data compromise if the memory location of created objects is known. The vulnerability is triggered by memory handling of W...

8.8CVSS7.9AI score0.04906EPSS
CVE
CVE
added 2019/12/10 9:40 p.m.148 views

CVE-2019-1461

CVE-2019-1461 is a denial-of-service vulnerability in Microsoft Word where the program fails to properly handle objects in memory. An attacker can trigger a remote DoS by sending a specially crafted document that, when opened, crashes Word or makes the system unavailable. The vulnerability has ne...

7.1CVSS6.1AI score0.04643EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.147 views

CVE-2013-3850

CVE-2013-3850 is a memory corruption vulnerability in Microsoft Word components that allows remote code execution or a denial of service when processing a crafted Office document. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, Office Compatibility Pack SP3, and Word Viewer. Root...

9.3CVSS7.6AI score0.20043EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.146 views

CVE-2021-31178

CVE-2021-31178 is described in the connected documents as an information-disclosure vulnerability in Microsoft Office. The Nessus/OpenVAS entries reference this CVE as part of the Office May 2021 vulnerability set and note affected products (Office/Excel) and the need for security updates, listin...

5.5CVSS6.1AI score0.16012EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.144 views

CVE-2013-3856

CVE-2013-3856 affects Microsoft Word 2003 SP3 and Word Viewer. A memory corruption flaw in crafted Office documents allows remote code execution or a denial of service. Affected products are Word 2003 SP3 and Word Viewer; the vulnerability is addressed by Microsoft MS13-072 (security update). The...

9.3CVSS7.6AI score0.20145EPSS
CVE
CVE
added 2020/04/15 3:13 p.m.141 views

CVE-2020-0980

CVE-2020-0980 is a Microsoft Word remote code execution vulnerability caused by improper handling of in-memory objects. It affects Word/Office when parsing crafted files; the impact is potential code execution in the current user context. In public docs, the vulnerability is addressed by the Offi...

9.3CVSS8.3AI score0.11548EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.139 views

CVE-2017-0254

CVE-2017-0254 concerns a remote code execution in Microsoft Office applications (Word, PowerPoint, etc.) and related components when the software fails to properly handle objects in memory. The vulnerability affects multiple Office products across Windows and macOS (e.g., Word 2007, Office 2010 S...

9.3CVSS7.6AI score0.19817EPSS
CVE
CVE
added 2025/04/08 5:23 p.m.139 views

CVE-2025-27747

CVE-2025-27747 is a Use-After-Free vulnerability in Microsoft Word (Office) that can allow an attacker to execute arbitrary code. The CVE is documented as affecting Word with a local attack vector and high impact (execution of code, confidentiality/integrity/availability potentially impacted). Pu...

7.8CVSS7.8AI score0.00742EPSS
Total number of security vulnerabilities257