Lucene search
K
MicrosoftWord Viewer

87 matches found

CVE
CVE
added 2013/11/06 11:0 a.m.1132 views

CVE-2013-3906

CVE-2013-3906 is a memory corruption vulnerability in Microsoft Windows Graphics Component (TIFF handling) that could allow remote code execution. It affected GDI+ in Windows Vista SP2/Server 2008 SP2 and Office suites (Office 2003 SP3, 2007 SP3, 2010 SP1/SP2, Office Compatibility Pack SP3) and L...

9.3CVSS9.4AI score0.84971EPSS
In wild
CVE
CVE
added 2014/03/24 7:0 p.m.1062 views

CVE-2014-1761

CVE-2014-1761 is a memory-corruption vulnerability in Microsoft Word triggered by crafted RTF data, allowing remote code execution or memory-corruption denial of service. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, 2013 and 2013 RT, Word Viewer, Office Compatibility Pack SP3,...

9.3CVSS9.3AI score0.77734EPSS
In wild
CVE
CVE
added 2016/10/14 1:0 a.m.955 views

CVE-2016-7193

Summary of CVE-2016-7193 : A memory corruption flaw in Microsoft Office’s handling of RTF documents allows remote code execution on affected Office products (Word 2007 SP2, Office 2010 SP2, Word 2013/2016, Word for Mac variants, Office Web Apps Server, etc.). The root cause is a vulnerability in ...

9.3CVSS7.8AI score0.57705EPSS
In wild
CVE
CVE
added 2015/07/14 9:0 p.m.936 views

CVE-2015-2424

CVE-2015-2424: Microsoft Office memory corruption in PowerPoint/Word components allows remote code execution or memory corruption via a crafted Office document. Affected products include PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, an...

9.3CVSS9.3AI score0.38497EPSS
In wild
CVE
CVE
added 2016/10/14 1:0 a.m.222 views

CVE-2016-7182

CVE-2016-7182 is a true‑type font parsing elevation of privilege vulnerability in the Windows Graphics component. The flaw affects multiple Windows OS versions (Vista SP2, Server 2008 SP2/R2 SP1, Windows 7/8.1/10, Windows Server 2012 R2, Windows RT 8.1, Office 2007/2010, Word Viewer, Skype for Bu...

10CVSS8.7AI score0.30323EPSS
CVE
CVE
added 2018/01/10 1:0 a.m.213 views

CVE-2018-0797

CVE-2018-0797 affects Microsoft Word components in Office 2010/2013/2016 where remote code execution can occur through specially crafted RTF content due to memory handling. Public details show Word memory corruption vulnerability enabling code execution when opening malicious files. Microsoft rel...

9.3CVSS8.2AI score0.24764EPSS
In wild
CVE
CVE
added 2015/12/09 11:0 a.m.211 views

CVE-2015-6108

CVE-2015-6108 affects the Windows font library across multiple Windows OS versions (Vista through Windows 8.1/Server 2012) and related Microsoft products, where a crafted embedded font can trigger remote code execution. The vulnerability is described as a memory corruption issue in handling embed...

9.3CVSS7.4AI score0.25998EPSS
CVE
CVE
added 2013/01/09 6:0 p.m.184 views

CVE-2013-0007

CVE-2013-0007 impacts Microsoft XML Core Services (MSXML) versions 4.0–6.0. A parsing fault in MSXML can allow remote code execution when a user visits a crafted web page (MSXML XSLT vulnerability). Affected components include MSXML DLLs; root cause is improper XML content parsing. Mitigation is ...

9.3CVSS7.5AI score0.31574EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.166 views

CVE-2017-0108

CVE-2017-0108 is a remote-code-execution vulnerability in the Windows Graphics Component, exploited via untrusted fonts processed by Uniscribe (usp10.dll) and exposed through graphics-related API calls invoked by user32/draw text paths. Google Project Zero’s Uniscribe fuzzing identified 8 high‑se...

9.3CVSS7AI score0.5047EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.163 views

CVE-2013-3848

CVE-2013-3848 affects Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer, allowing remote code execution or memory corruption via a crafted Off...

9.3CVSS7.5AI score0.21139EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.157 views

CVE-2009-2500

This CVE corresponds to MS09-062: GDI+ WMF Integer Overflow Vulnerability. Affected are Microsoft GDI+ image-processing paths used by WMF, PNG, TIFF, BMP handling across Windows components and Office/Viewer products (e.g., IE6, Office suites, Visio, Project, SQL/Report Viewer, Forefront Client Se...

9.3CVSS7.9AI score0.23647EPSS
CVE
CVE
added 2012/10/09 9:0 p.m.157 views

CVE-2012-2528

CVE-2012-2528 is a use-after-free remote code execution vulnerability in Microsoft Word and related components triggered by specially crafted RTF documents. Affected products include Word 2003 SP3, Word 2007 SP2/SP3, Word 2010 SP1, Word Viewer, Office Compatibility Pack SP2/SP3, Word Automation S...

9.3CVSS7.5AI score0.22117EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.156 views

CVE-2009-2528

CVE-2009-2528 is a memory corruption vulnerability in GDI+ used by Microsoft Office XP/2000 when parsing Office Art Property Tables. A crafted Office document can trigger remote code execution. Microsoft Security Bulletin MS09-062 (KB957488) provides patches; apply the MS09-062 updates to remedia...

9.3CVSS7.2AI score0.20452EPSS
CVE
CVE
added 2008/05/13 10:0 p.m.152 views

CVE-2008-1434

CVE-2008-1434 describes a remote code execution vulnerability in Microsoft Word caused by a memory handling error when processing a Word file containing a malformed CSS value. The issue affects Word across multiple products/versions (Office 2000 SP3, Word 2000; Word XP SP3; Word 2003 SP2/SP3; Wor...

9.3CVSS7.2AI score0.30869EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.147 views

CVE-2013-3850

CVE-2013-3850 is a memory corruption vulnerability in Microsoft Word components that allows remote code execution or a denial of service when processing a crafted Office document. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, Office Compatibility Pack SP3, and Word Viewer. Root...

9.3CVSS7.6AI score0.20043EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.145 views

CVE-2009-3126

CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...

9.3CVSS9.7AI score0.23461EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.144 views

CVE-2013-3856

CVE-2013-3856 affects Microsoft Word 2003 SP3 and Word Viewer. A memory corruption flaw in crafted Office documents allows remote code execution or a denial of service. Affected products are Word 2003 SP3 and Word Viewer; the vulnerability is addressed by Microsoft MS13-072 (security update). The...

9.3CVSS7.6AI score0.20145EPSS
CVE
CVE
added 2016/04/12 11:0 p.m.141 views

CVE-2016-0145

CVE-2016-0145 is a Graphics Memory Corruption vulnerability in the Windows font library. A remote attacker can execute arbitrary code by delivering a crafted embedded font, affecting Windows flavors listed in the vulnerability entry (e.g., Windows Vista through Windows 10 versions, Windows Server...

9.3CVSS7.7AI score0.43272EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.139 views

CVE-2017-0254

CVE-2017-0254 concerns a remote code execution in Microsoft Office applications (Word, PowerPoint, etc.) and related components when the software fails to properly handle objects in memory. The vulnerability affects multiple Office products across Windows and macOS (e.g., Word 2007, Office 2010 S...

9.3CVSS7.6AI score0.19817EPSS
CVE
CVE
added 2013/01/09 6:0 p.m.136 views

CVE-2013-0006

CVE-2013-0006 is associated with OSIsoft PI Interface for OPC XML-DA (ICS advisory ICSA-20-315-01) and Microsoft MSXML/MS13-002 context. Connected documents identify the affected product as PI Interface for OPC XML-DA versions prior to 1.7.3.x, where the vulnerability stems from numeric errors/st...

9.3CVSS7.5AI score0.28084EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.136 views

CVE-2013-3852

CVE-2013-3852 affects Microsoft Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer. The vulnerability is a memory corruption flaw in Word that can be triggered by a crafted Office document, enabling remote code execution or a denial of service. The OpenVAS...

9.3CVSS7.6AI score0.20043EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.135 views

CVE-2016-3304

CVE-2016-3304 is the Windows Graphics Component remote code‑execution vulnerability where the Windows font library improperly handles crafted embedded fonts, affecting Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Skype for Business 2016,...

9.3CVSS7.8AI score0.50506EPSS
CVE
CVE
added 2018/10/10 1:0 p.m.132 views

CVE-2018-8432

CVE-2018-8432 is a remote code execution in Microsoft Graphics Components. It affects Windows and Office components (e.g., Office, Word Viewer, Excel Viewer, PowerPoint Viewer) across multiple Windows and Office versions; the underlying issue is how Graphics Components handle objects in memory. E...

9.3CVSS8.2AI score0.19629EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.130 views

CVE-2016-3301

CVE-2016-3301 affects the Windows Graphics Component in the Windows font library, enabling remote code execution via a crafted embedded font. Affected products include Windows Vista SP2; Windows Server 2008 SP2/R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; W...

9.3CVSS7.8AI score0.44492EPSS
CVE
CVE
added 2016/10/14 1:0 a.m.129 views

CVE-2016-3209

CVE-2016-3209 affects Microsoft GDI+ across Windows Vista/7/8.1/Server 2008-2012 and various Office/.NET components, enabling information disclosure by bypassing ASLR through unspecified vectors. Connected sources confirm exploitation activity (e.g., Exploit DB). Public references note MS16-120 a...

5.5CVSS6AI score0.53653EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.127 views

CVE-2009-2501

CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...

9.3CVSS9.7AI score0.26824EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.121 views

CVE-2016-3313

CVE-2016-3313 is a memory corruption vulnerability in Microsoft Office products that allows remote code execution when a user opens a crafted Office file. The CVE description lists affected software as Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, plus Word 2016 for Mac and Word Vie...

9.3CVSS7.6AI score0.49831EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.117 views

CVE-2009-2502

CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...

9.3CVSS9.7AI score0.22025EPSS
CVE
CVE
added 2019/03/06 12:0 a.m.114 views

CVE-2019-0540

CVE-2019-0540 is a security feature bypass in Microsoft Office where URLs are not properly validated, enabling phishing-style credential theft when a victim opens a specially crafted file (Word component). The vulnerability is addressed by Microsoft Office security updates released in February 20...

5.5CVSS5.5AI score0.12783EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.113 views

CVE-2016-3303

CVE-2016-3303 affects the Windows font library in Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010/Attendee, and Live Meeting 2007 Console. Root cause:** improper handling of construct...

9.3CVSS7.8AI score0.50506EPSS
CVE
CVE
added 2016/02/10 11:0 a.m.111 views

CVE-2016-0022

CVE-2016-0022 corresponds to a memory corruption vulnerability in Microsoft Office components (Word and related Word/Office Suite on Windows and Mac) that could allow remote code execution via a crafted Office document. Connected sources indicate this is tied to MS16-015 and affects Word 2007 SP3...

9.3CVSS7.7AI score0.19541EPSS
CVE
CVE
added 2016/06/16 1:0 a.m.110 views

CVE-2016-3234

CVE-2016-3234 affects Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint 2010 SP2/2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1. The root cause is an information disclosure flaw that...

5.5CVSS5.4AI score0.26488EPSS
CVE
CVE
added 2016/10/14 1:0 a.m.107 views

CVE-2016-3396

CVE-2016-3396 is a GDI+ remote code execution in Graphics Device Interface (GDI) that allows a remote attacker to execute arbitrary code via a crafted embedded font. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold/R...

9.3CVSS8.9AI score0.24376EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.104 views

CVE-2009-2504

CVE-2009-2504 corresponds to MS09-062: multiple remote code execution vulnerabilities in Windows GDI+ exposed via GDI+ APIs used by .NET Framework and Office components. The issue stems from integer overflows/buffer handling in GDI+, enabling remote code execution when rendering crafted images in...

9.3CVSS9.7AI score0.20982EPSS
CVE
CVE
added 2016/09/14 10:0 a.m.104 views

CVE-2016-3357

CVE-2016-3357 is a Microsoft Office memory corruption vulnerability: multiple Office components (Word/Excel/PowerPoint and related servers) allow remote code execution via a crafted document. Root cause cited as improper handling of objects in memory. Affected products span Office 2007 SP3 throug...

9.3CVSS7.6AI score0.54809EPSS
CVE
CVE
added 2016/05/11 1:0 a.m.103 views

CVE-2016-0198

Microsoft Office memory corruption vulnerability CVE-2016-0198 allows remote code execution when processing specially crafted Office documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac...

9.3CVSS7.8AI score0.29354EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.102 views

CVE-2009-2503

CVE-2009-2503 is a GDI+ memory corruption vulnerability in Microsoft components that can be triggered by a crafted TIFF image file, enabling remote code execution. The weakness resides in how GDI+ allocates memory when processing TIFFs, affecting a wide range of Windows and Office products listed...

9.3CVSS9.6AI score0.22205EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.102 views

CVE-2017-0053

Technical details about CVE-2017-0053 are not publicly provided in the supplied documents; monitor for future updates.

9.3CVSS6.7AI score0.16744EPSS
CVE
CVE
added 2014/01/15 2:0 a.m.99 views

CVE-2014-0258

CVE-2014-0258 affects Microsoft Word 2003 SP3, Word 2007 SP3, Office Compatibility Pack SP3, and Word Viewer. The root cause is memory corruption when parsing crafted Office files, enabling remote code execution (and potential DoS) in the context of the user. Connected advisories confirm MS14-001...

9.3CVSS8.6AI score0.15564EPSS
CVE
CVE
added 2016/04/12 11:0 p.m.99 views

CVE-2016-0127

CVE-2016-0127 affects Microsoft Office components: Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2/2013 SP1, and Office Web Apps 2010 SP2/Server 2013 SP1. Description...

9.3CVSS7.8AI score0.21137EPSS
CVE
CVE
added 2016/03/09 11:0 a.m.99 views

CVE-2016-0134

CVE-2016-0134 affects multiple Microsoft Office products, including Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1/RT SP1, Word 2016, Word for Mac 2011/2016, Office Compatibility Pack SP3, and related SharePoint/Web Apps components. The vulnerability is described as a memory corrupt...

9.3CVSS7.7AI score0.22285EPSS
CVE
CVE
added 2006/10/10 10:0 p.m.98 views

CVE-2006-3877

PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877) affects multiple Office suites. A remote code execution flaw exists when PowerPoint opens a specially crafted file with malformed records, allowing an attacker to gain full control of the affected system if the user runs ...

9.3CVSS7.1AI score0.12199EPSS
CVE
CVE
added 2016/10/14 1:0 a.m.98 views

CVE-2016-3263

CVE-2016-3263 concerns a GDI+/Graphics Device Interface information-disclosure issue across multiple Windows platforms (Vista SP2 through Windows 10 1607, Windows Server equivalents) that allows remote attackers to bypass ASLR via unspecified vectors. Affected components are GDI/GDI+ in Windows a...

5.5CVSS6AI score0.31976EPSS
CVE
CVE
added 2015/12/09 11:0 a.m.97 views

CVE-2015-6107

CVE-2015-6107 concerns a remote-code-execution vulnerability in the Windows font library. The issue arises when parsing specially crafted embedded fonts, enabling arbitrary code execution on affected systems. Public references indicate this affects a broad set of Windows versions (Vista through W...

9.3CVSS7.5AI score0.18247EPSS
CVE
CVE
added 2016/07/13 1:0 a.m.96 views

CVE-2016-3282

CVE-2016-3282 is a Microsoft Office remote code execution vulnerability arising from memory corruption in Office components (Word, Word Automation Services, SharePoint-related components, etc.). It affects a broad set of Office products across Windows and macOS (Word 2007 SP3, Office 2010 SP2, Wo...

9.3CVSS7.6AI score0.26291EPSS
CVE
CVE
added 2015/04/14 8:0 p.m.95 views

CVE-2015-1651

CVE-2015-1651 is a use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3. The flaw allows remote code execution via a crafted Office document. Root cause: use-after-free in Office components when parsing Office files. Exploitation context: remote ...

9.3CVSS7.5AI score0.16593EPSS
CVE
CVE
added 2007/02/03 1:0 a.m.94 views

CVE-2007-0671

CVE-2007-0671 is a remote-code-execution vulnerability in Microsoft Office Excel (affecting Excel 2000/XP/2003 and Mac equivalents) where a specially crafted Excel file can trigger arbitrary code execution. The vulnerability arises from improper handling/parsing of office records, enabling remote...

9.3CVSS7.5AI score0.42139EPSS
In wild
CVE
CVE
added 2015/11/11 11:0 a.m.94 views

CVE-2015-6091

CVE-2015-6091 is a Microsoft Office memory‑corruption vulnerability that allows remote code execution when parsing crafted Office documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1/RT SP1, Word 2016, Word Viewer, and related Office/Web Apps component...

9.3CVSS7.5AI score0.14534EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.94 views

CVE-2016-7233

CVE-2016-7233 is an information-disclosure/out-of-bounds-read vulnerability in multiple Microsoft Office components (e.g., Word 2007, Office 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Web Apps 2010 SP2, SharePoint 2013 components, and Office Automation Services). A craft...

6.5CVSS6.3AI score0.22384EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.93 views

CVE-2016-3317

CVE-2016-3317 describes a memory corruption vulnerability in Microsoft Office components (Office 2010 SP2, Word 2007 SP3/2010 SP2, Word for Mac 2011, Word 2016 for Mac, Word Viewer) that could allow remote code execution when a user opens a crafted file. The issue is part of multiple related Offi...

9.3CVSS7.6AI score0.22127EPSS
Total number of security vulnerabilities87