Lucene search
+L

52 matches found

CVE
CVE
added 2018/01/10 1:0 a.m.215 views

CVE-2018-0797

CVE-2018-0797 affects Microsoft Word components in Office 2010/2013/2016 where remote code execution can occur through specially crafted RTF content due to memory handling. Public details show Word memory corruption vulnerability enabling code execution when opening malicious files. Microsoft rel...

9.3CVSS8.2AI score0.24764EPSS
In wild
CVE
CVE
added 2013/01/09 6:0 p.m.192 views

CVE-2013-0007

CVE-2013-0007 impacts Microsoft XML Core Services (MSXML) versions 4.0–6.0. A parsing fault in MSXML can allow remote code execution when a user visits a crafted web page (MSXML XSLT vulnerability). Affected components include MSXML DLLs; root cause is improper XML content parsing. Mitigation is ...

9.3CVSS7.5AI score0.31574EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.166 views

CVE-2013-3848

CVE-2013-3848 affects Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer, allowing remote code execution or memory corruption via a crafted Off...

9.3CVSS7.5AI score0.21139EPSS
CVE
CVE
added 2012/10/09 9:0 p.m.159 views

CVE-2012-2528

CVE-2012-2528 is a use-after-free remote code execution vulnerability in Microsoft Word and related components triggered by specially crafted RTF documents. Affected products include Word 2003 SP3, Word 2007 SP2/SP3, Word 2010 SP1, Word Viewer, Office Compatibility Pack SP2/SP3, Word Automation S...

9.3CVSS7.5AI score0.22117EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.148 views

CVE-2013-3850

CVE-2013-3850 is a memory corruption vulnerability in Microsoft Word components that allows remote code execution or a denial of service when processing a crafted Office document. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, Office Compatibility Pack SP3, and Word Viewer. Root...

9.3CVSS7.6AI score0.20043EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.145 views

CVE-2013-3856

CVE-2013-3856 affects Microsoft Word 2003 SP3 and Word Viewer. A memory corruption flaw in crafted Office documents allows remote code execution or a denial of service. Affected products are Word 2003 SP3 and Word Viewer; the vulnerability is addressed by Microsoft MS13-072 (security update). The...

9.3CVSS7.6AI score0.20145EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.145 views

CVE-2017-0254

CVE-2017-0254 concerns a remote code execution in Microsoft Office applications (Word, PowerPoint, etc.) and related components when the software fails to properly handle objects in memory. The vulnerability affects multiple Office products across Windows and macOS (e.g., Word 2007, Office 2010 S...

9.3CVSS7.6AI score0.19817EPSS
CVE
CVE
added 2016/04/12 11:0 p.m.143 views

CVE-2016-0145

CVE-2016-0145 is a Graphics Memory Corruption vulnerability in the Windows font library. A remote attacker can execute arbitrary code by delivering a crafted embedded font, affecting Windows flavors listed in the vulnerability entry (e.g., Windows Vista through Windows 10 versions, Windows Server...

9.3CVSS7.7AI score0.43272EPSS
CVE
CVE
added 2013/01/09 6:0 p.m.139 views

CVE-2013-0006

CVE-2013-0006 is associated with OSIsoft PI Interface for OPC XML-DA (ICS advisory ICSA-20-315-01) and Microsoft MSXML/MS13-002 context. Connected documents identify the affected product as PI Interface for OPC XML-DA versions prior to 1.7.3.x, where the vulnerability stems from numeric errors/st...

9.3CVSS7.5AI score0.28084EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.138 views

CVE-2013-3852

CVE-2013-3852 affects Microsoft Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer. The vulnerability is a memory corruption flaw in Word that can be triggered by a crafted Office document, enabling remote code execution or a denial of service. The OpenVAS...

9.3CVSS7.6AI score0.20043EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.137 views

CVE-2016-3304

CVE-2016-3304 is the Windows Graphics Component remote code‑execution vulnerability where the Windows font library improperly handles crafted embedded fonts, affecting Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Skype for Business 2016,...

9.3CVSS7.8AI score0.50506EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.133 views

CVE-2016-3301

CVE-2016-3301 affects the Windows Graphics Component in the Windows font library, enabling remote code execution via a crafted embedded font. Affected products include Windows Vista SP2; Windows Server 2008 SP2/R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; W...

9.3CVSS7.8AI score0.44492EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.123 views

CVE-2016-3313

CVE-2016-3313 is a memory corruption vulnerability in Microsoft Office products that allows remote code execution when a user opens a crafted Office file. The CVE description lists affected software as Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, plus Word 2016 for Mac and Word Vie...

9.3CVSS7.6AI score0.49831EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.116 views

CVE-2016-3303

CVE-2016-3303 affects the Windows font library in Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010/Attendee, and Live Meeting 2007 Console. Root cause:** improper handling of construct...

9.3CVSS7.8AI score0.50506EPSS
CVE
CVE
added 2016/02/10 11:0 a.m.114 views

CVE-2016-0022

CVE-2016-0022 corresponds to a memory corruption vulnerability in Microsoft Office components (Word and related Word/Office Suite on Windows and Mac) that could allow remote code execution via a crafted Office document. Connected sources indicate this is tied to MS16-015 and affects Word 2007 SP3...

9.3CVSS7.7AI score0.19541EPSS
CVE
CVE
added 2016/06/16 1:0 a.m.111 views

CVE-2016-3234

CVE-2016-3234 affects Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint 2010 SP2/2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1. The root cause is an information disclosure flaw that...

5.5CVSS5.4AI score0.24075EPSS
CVE
CVE
added 2016/09/14 10:0 a.m.107 views

CVE-2016-3357

CVE-2016-3357 is a Microsoft Office memory corruption vulnerability: multiple Office components (Word/Excel/PowerPoint and related servers) allow remote code execution via a crafted document. Root cause cited as improper handling of objects in memory. Affected products span Office 2007 SP3 throug...

9.3CVSS7.6AI score0.54809EPSS
CVE
CVE
added 2016/03/09 11:0 a.m.106 views

CVE-2016-0134

CVE-2016-0134 affects multiple Microsoft Office products, including Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1/RT SP1, Word 2016, Word for Mac 2011/2016, Office Compatibility Pack SP3, and related SharePoint/Web Apps components. The vulnerability is described as a memory corrupt...

9.3CVSS7.7AI score0.20612EPSS
CVE
CVE
added 2016/05/11 1:0 a.m.106 views

CVE-2016-0198

Microsoft Office memory corruption vulnerability CVE-2016-0198 allows remote code execution when processing specially crafted Office documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac...

9.3CVSS7.8AI score0.29354EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.105 views

CVE-2017-0053

Technical details about CVE-2017-0053 are not publicly provided in the supplied documents; monitor for future updates.

9.3CVSS6.7AI score0.16744EPSS
CVE
CVE
added 2016/04/12 11:0 p.m.103 views

CVE-2016-0127

CVE-2016-0127 affects Microsoft Office components: Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2/2013 SP1, and Office Web Apps 2010 SP2/Server 2013 SP1. Description...

9.3CVSS7.8AI score0.19541EPSS
CVE
CVE
added 2014/01/15 2:0 a.m.102 views

CVE-2014-0258

CVE-2014-0258 affects Microsoft Word 2003 SP3, Word 2007 SP3, Office Compatibility Pack SP3, and Word Viewer. The root cause is memory corruption when parsing crafted Office files, enabling remote code execution (and potential DoS) in the context of the user. Connected advisories confirm MS14-001...

9.3CVSS8.6AI score0.15564EPSS
CVE
CVE
added 2016/07/13 1:0 a.m.101 views

CVE-2016-3282

CVE-2016-3282 is a Microsoft Office remote code execution vulnerability arising from memory corruption in Office components (Word, Word Automation Services, SharePoint-related components, etc.). It affects a broad set of Office products across Windows and macOS (Word 2007 SP3, Office 2010 SP2, Wo...

9.3CVSS7.6AI score0.26291EPSS
CVE
CVE
added 2015/04/14 8:0 p.m.98 views

CVE-2015-1651

CVE-2015-1651 is a use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3. The flaw allows remote code execution via a crafted Office document. Root cause: use-after-free in Office components when parsing Office files. Exploitation context: remote ...

9.3CVSS7.5AI score0.16593EPSS
CVE
CVE
added 2015/11/11 11:0 a.m.98 views

CVE-2015-6091

CVE-2015-6091 is a Microsoft Office memory‑corruption vulnerability that allows remote code execution when parsing crafted Office documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1/RT SP1, Word 2016, Word Viewer, and related Office/Web Apps component...

9.3CVSS7.5AI score0.14534EPSS
CVE
CVE
added 2016/12/20 5:54 a.m.97 views

CVE-2016-7268

CVE-2016-7268 is an information-disclosure/Memory-read vulnerability in Microsoft Office products. The initial description lists how crafted Office documents can cause an out-of-bounds read or memory disclosure, allowing remote attackers to obtain sensitive information from process memory. Affect...

7.1CVSS6.7AI score0.22585EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.96 views

CVE-2016-3317

CVE-2016-3317 describes a memory corruption vulnerability in Microsoft Office components (Office 2010 SP2, Word 2007 SP3/2010 SP2, Word for Mac 2011, Word 2016 for Mac, Word Viewer) that could allow remote code execution when a user opens a crafted file. The issue is part of multiple related Offi...

9.3CVSS7.6AI score0.22127EPSS
CVE
CVE
added 2016/02/10 11:0 a.m.95 views

CVE-2016-0052

The CVE-2016-0052 issue affects Microsoft Word/Office across multiple versions (Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Serve...

9.3CVSS7.7AI score0.19541EPSS
CVE
CVE
added 2015/04/14 8:0 p.m.93 views

CVE-2015-1649

CVE-2015-1649 is a use-after-free vulnerability in Microsoft Office components (Word 2007 SP3, Office 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2) that allows remote code execution via a crafted ...

9.3CVSS7.5AI score0.23296EPSS
CVE
CVE
added 2015/04/14 8:0 p.m.93 views

CVE-2015-1650

CVE-2015-1650 is a use-after-free vulnerability in Microsoft Word/Office components that allows remote code execution via crafted Office documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3,...

9.3CVSS7.5AI score0.26766EPSS
CVE
CVE
added 2015/08/15 12:0 a.m.90 views

CVE-2015-2468

CVE-2015-2468 affects Microsoft Office components across Word/Office for Windows and Mac, including Word 2007 SP3, 2010 SP2, 2013 SP1, Office for Mac 2011/2016, Office Compatibility Pack SP3, Word Viewer, and related SharePoint/Office Web Apps. The root cause is memory corruption triggered by pro...

9.3CVSS7.4AI score0.29519EPSS
CVE
CVE
added 2014/01/15 2:0 a.m.87 views

CVE-2014-0260

CVE-2014-0260 affects Microsoft Word and related Office components (Word Viewer, Office Web Apps, SharePoint, etc.). The issue arises from memory corruption while parsing crafted Office documents, enabling remote code execution or, per source, possible denial of service. The vulnerability is mapp...

9.3CVSS8.7AI score0.15357EPSS
CVE
CVE
added 2015/08/15 12:0 a.m.86 views

CVE-2015-2470

CVE-2015-2470 is a Microsoft Office remote-code-execution vulnerability caused by an integer underflow when processing crafted Office documents. Affected products include Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer. The underflow can...

9.3CVSS7.5AI score0.26857EPSS
CVE
CVE
added 2016/07/13 1:0 a.m.86 views

CVE-2016-3280

CVE-2016-3280 is a Microsoft Office/Word memory-corruption vulnerability that allows remote code execution via crafted Office documents. The CVE affects Word and related components across multiple platforms (Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for ...

9.3CVSS7.6AI score0.19641EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.84 views

CVE-2013-3849

Summary: CVE-2013-3849 is part of a set of related Word memory corruption vulnerabilities affecting Microsoft Word Automation Services and related Word components (SharePoint 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility...

9.3CVSS7.5AI score0.21033EPSS
CVE
CVE
added 2015/11/11 11:0 a.m.80 views

CVE-2015-6092

CVE-2015-6092 is a remote-code-execution memory-corruption vulnerability in Microsoft Word/Office components (Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1/RT SP1, Word 2016, Office Compatibility Pack, Word Viewer). The issue arises from improper handling of objects in memory while...

9.3CVSS7.5AI score0.14534EPSS
CVE
CVE
added 2015/02/11 2:0 a.m.79 views

CVE-2015-0064

CVE-2015-0064 corresponds to a memory-corruption remote-code-execution vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer and Office Compatibility Pack SP3. The issue arises when processing a crafte...

9.3CVSS8AI score0.29954EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.78 views

CVE-2010-3214

The CVE-2010-3214 entry maps to a stack-based buffer overflow in Microsoft Word triggered by parsing specific Word structures (UPX data) in crafted Word documents, enabling remote code execution. Affected products include Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Word for Mac 2004 and 2008; th...

9.3CVSS7.9AI score0.24787EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.78 views

CVE-2013-3847

Microsoft Word Memory Corruption Vulnerability (CVE-2013-3847) affects Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer. A crafted Office document coul...

9.3CVSS7.5AI score0.20971EPSS
CVE
CVE
added 2015/07/14 9:0 p.m.77 views

CVE-2015-2379

CVE-2015-2379 affects Microsoft Office components (Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Word Viewer). The vulnerability is a memory corruption issue triggered by processing crafted Office documents, allowing remote attackers to execu...

9.3CVSS7.8AI score0.13715EPSS
CVE
CVE
added 2015/12/09 11:0 a.m.77 views

CVE-2015-6106

CVE-2015-6106 affects the Windows font library across multiple Windows/Vista/Server and Office/Skype/Lync versions. The vulnerability is a memory corruption issue triggered by specially crafted embedded fonts, enabling remote code execution with the attacker-controlled font data. Connected source...

9.3CVSS7.5AI score0.17321EPSS
CVE
CVE
added 2016/02/10 11:0 a.m.76 views

CVE-2016-0053

CVE-2016-0053 corresponds to a memory corruption vulnerability that allows remote code execution when processing crafted Office documents in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, Word Viewer, Word Automa...

9.3CVSS7.6AI score0.19541EPSS
CVE
CVE
added 2016/01/13 2:0 a.m.75 views

CVE-2016-0010

CVE-2016-0010 is a Microsoft Office memory corruption vulnerability that can allow remote code execution when a crafted Office document is opened. Affected products include Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and Mac versions (Office for Mac 2011/2016) plus Word/Excel/PowerPoi...

9.3CVSS7.7AI score0.21606EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.73 views

CVE-2013-3855

CVE-2013-3855 affects Microsoft Word 2003 SP3/2007 SP3, Office Compatibility Pack SP3, and Word Viewer. Root cause is memory corruption via a crafted Office document, enabling remote code execution or a memory‑corruption DoS. The OpenVAS/NVD entries cite MS13-072 as the remediation path (security...

9.3CVSS7.6AI score0.20145EPSS
CVE
CVE
added 2016/07/13 1:0 a.m.71 views

CVE-2016-3283

CVE-2016-3283 – Microsoft Office Memory Corruption Vulnerability : A remote code execution flaw exists in Microsoft Office/Word Viewer due to improper handling of in-memory objects while parsing specially crafted Office files. An attacker can exploit this by enticing a user to open a crafted docu...

9.3CVSS7.7AI score0.19641EPSS
CVE
CVE
added 2015/03/11 10:0 a.m.70 views

CVE-2015-0086

CVE-2015-0086 affects Microsoft Office/Word products including Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold/SP1, Word 2013 RT Gold/SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Serve...

9.3CVSS7.6AI score0.13452EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.69 views

CVE-2010-3221

Microsoft Word Remote Code Execution (CVE-2010-3221) arises from memory corruption when parsing crafted Word documents, allowing remote code execution. Affected products across the Word family include Word 2002 SP3, 2003 SP3, Word Viewer, and Office/Word for Mac variants cited in MS10-079 materia...

9.3CVSS7.5AI score0.19751EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.68 views

CVE-2013-3857

CVE-2013-3857 affects Microsoft Word/Office components across SharePoint, Word Web App, Word Viewer, and older Word releases (2003–2010) with Word Memory Corruption via crafted documents. Root cause: memory corruption enabling remote code execution or DoS. Affected/impacted products include Word ...

9.3CVSS7.6AI score0.21033EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.68 views

CVE-2013-3858

CVE-2013-3858 affects Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer. The vulnerability allows remote attackers to execute arbitrary code or cause a ...

9.3CVSS7.5AI score0.21033EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.64 views

CVE-2013-3160

CVE-2013-3160 corresponds to an XXE vulnerability in Microsoft Office 2003 SP3/2007 SP3, Word 2003/2007, and Word Viewer. Its root cause is improper handling of XML with an external entity declaration and an entity reference, allowing a remote attacker to read local files. Connected sources enume...

5CVSS6.5AI score0.24158EPSS
Total number of security vulnerabilities52