Word Security Vulnerabilities and Issues — Page 2 of Word CVE List

Lucene search

MicrosoftWord

232 matches found

CVE•added 2020/04/15 3:15 p.m.•118 views

CVE-2020-0980

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.

9.3CVSS8.3AI score0.33652EPSS

CVE•added 2022/11/09 10:15 p.m.•116 views

CVE-2022-41061

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00249EPSS

CVE•added 2025/04/08 6:16 p.m.•115 views

CVE-2025-27747

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.00079EPSS

CVE•added 2018/01/10 1:29 a.m.•114 views

CVE-2018-0804

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is u...

9.3CVSS8.3AI score0.36911EPSS

CVE•added 2020/07/14 11:15 p.m.•113 views

CVE-2020-1342

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.

5.5CVSS6AI score0.28299EPSS

CVE•added 2004/09/28 4:0 a.m.•112 views

CVE-2004-0200

Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy oper...

9.3CVSS7.6AI score0.75514EPSS

CVE•added 2017/05/12 2:29 p.m.•111 views

CVE-2017-0254

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Offic...

9.3CVSS7.6AI score0.29025EPSS

CVE•added 2020/03/12 4:15 p.m.•110 views

CVE-2020-0892

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855.

9.3CVSS8AI score0.33652EPSS

CVE•added 2020/08/17 7:15 p.m.•110 views

CVE-2020-1503

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.To exploit the vulnerability, an attacker could craft a special documen...

5.5CVSS6.3AI score0.25763EPSS

CVE•added 2021/01/12 8:15 p.m.•110 views

CVE-2021-1716

Microsoft Word Remote Code Execution Vulnerability

9.3CVSS7.8AI score0.03413EPSS

CVE•added 2018/01/10 1:29 a.m.•109 views

CVE-2018-0792

Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0794.

9.3CVSS8.8AI score0.60791EPSS

CVE•added 2020/06/09 8:15 p.m.•109 views

CVE-2020-1229

A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.

4.3CVSS4.6AI score0.09196EPSS

CVE•added 2017/11/15 3:29 a.m.•107 views

CVE-2017-11854

Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Micro...

9.3CVSS8.1AI score0.14401EPSS

CVE•added 2019/12/10 10:15 p.m.•107 views

CVE-2019-1461

A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service Vulnerability'.

7.1CVSS6.1AI score0.16941EPSS

CVE•added 2020/11/11 7:15 a.m.•103 views

CVE-2020-17020

Microsoft Word Security Feature Bypass Vulnerability

5.5CVSS3.5AI score0.01014EPSS

CVE•added 2020/09/11 5:15 p.m.•102 views

CVE-2020-1218

<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the...

8.8CVSS7.7AI score0.07867EPSS

CVE•added 2020/07/14 11:15 p.m.•102 views

CVE-2020-1447

8.8CVSS8.8AI score0.43263EPSS

CVE•added 2022/11/09 10:15 p.m.•102 views

CVE-2022-41103

Microsoft Word Information Disclosure Vulnerability

5.5CVSS6.1AI score0.00285EPSS

CVE•added 2016/08/09 9:59 p.m.•100 views

CVE-2016-3316

Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.6AI score0.47003EPSS

CVE•added 2017/01/10 9:59 p.m.•100 views

CVE-2017-0003

Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.6AI score0.33607EPSS

CVE•added 2023/07/11 6:15 p.m.•100 views

CVE-2023-33150

Microsoft Office Security Feature Bypass Vulnerability

9.6CVSS9.2AI score0.00188EPSS

CVE•added 2019/06/12 2:29 p.m.•99 views

CVE-2019-1034

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the fi...

9.3CVSS7.6AI score0.12927EPSS

CVE•added 2016/05/11 1:59 a.m.•98 views

CVE-2016-0183

The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Microsoft Office Graphics RCE Vulnerability."

9.3CVSS8.2AI score0.35188EPSS

CVE•added 2017/03/17 12:59 a.m.•97 views

CVE-2017-0031

Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is differen...

9.3CVSS6.7AI score0.23473EPSS

CVE•added 2020/07/14 11:15 p.m.•97 views

CVE-2020-1448

8.8CVSS8.8AI score0.43263EPSS

CVE•added 2020/07/14 11:15 p.m.•94 views

CVE-2020-1445

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.

5.5CVSS6.1AI score0.28299EPSS

CVE•added 2017/06/15 1:29 a.m.•92 views

CVE-2017-8510

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.

9.3CVSS7.2AI score0.36403EPSS

CVE•added 2022/11/09 10:15 p.m.•91 views

CVE-2022-41060

Microsoft Word Information Disclosure Vulnerability

5.5CVSS6.1AI score0.00285EPSS

CVE•added 2019/01/08 9:29 p.m.•89 views

CVE-2019-0561

An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word.

5.5CVSS6.1AI score0.13337EPSS

CVE•added 2017/03/17 12:59 a.m.•88 views

CVE-2017-0019

Microsoft Word 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0020, CVE-2017-0030,...

9.3CVSS6.7AI score0.23473EPSS

CVE•added 2016/05/11 1:59 a.m.•87 views

CVE-2016-0198

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corr...

9.3CVSS7.8AI score0.24136EPSS

CVE•added 2017/03/17 12:59 a.m.•87 views

CVE-2017-0030

Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted documen...

9.3CVSS6.7AI score0.23473EPSS

CVE•added 2017/03/17 12:59 a.m.•87 views

CVE-2017-0053

Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory ...

9.3CVSS6.7AI score0.23473EPSS

CVE•added 2018/01/10 1:29 a.m.•86 views

CVE-2018-0794

Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0792...

9.3CVSS8.8AI score0.60791EPSS

CVE•added 2015/11/11 11:59 a.m.•85 views

CVE-2015-2503

Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Projec...

9.3CVSS6.8AI score0.20241EPSS

CVE•added 2016/01/13 5:59 a.m.•85 views

CVE-2016-0012

Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013...

4.3CVSS5.1AI score0.13313EPSS

CVE•added 2016/06/16 1:59 a.m.•85 views

CVE-2016-3234

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers t...

5.5CVSS5.4AI score0.35929EPSS

CVE•added 2018/04/12 1:29 a.m.•85 views

CVE-2018-0950

An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This CVE ID is unique fr...

6.5CVSS5.4AI score0.14964EPSS

CVE•added 2017/03/17 12:59 a.m.•84 views

CVE-2017-0029

Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."

5.5CVSS5.8AI score0.22643EPSS

CVE•added 2018/01/10 1:29 a.m.•84 views

CVE-2018-0795

Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".

9.3CVSS8.8AI score0.36911EPSS

CVE•added 2014/10/15 10:55 a.m.•82 views

CVE-2014-4117

Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code vi...

9.3CVSS8.7AI score0.35711EPSS

CVE•added 2018/11/14 1:29 a.m.•82 views

CVE-2018-8573

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8539.

9.3CVSS7.9AI score0.16422EPSS

CVE•added 2012/10/09 9:55 p.m.•81 views

CVE-2012-0182

Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."

9.3CVSS7.5AI score0.53232EPSS

CVE•added 2014/04/08 11:55 p.m.•81 views

CVE-2014-1757

Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format, which allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office File Format Con...

9.3CVSS8.6AI score0.34197EPSS

CVE•added 2016/07/13 1:59 a.m.•81 views

CVE-2016-3279

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2...

5.5CVSS6.8AI score0.25755EPSS

CVE•added 2016/08/09 9:59 p.m.•81 views

CVE-2016-3317

Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac 2011, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.6AI score0.31597EPSS

CVE•added 2016/12/20 6:59 a.m.•81 views

CVE-2016-7290

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (ou...

7.1CVSS6.5AI score0.09192EPSS

CVE•added 2015/11/11 12:59 p.m.•80 views

CVE-2015-6091

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.28216EPSS

CVE•added 2016/04/12 11:59 p.m.•79 views

CVE-2016-0127

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server ...

9.3CVSS7.8AI score0.21675EPSS

CVE•added 2024/12/12 2:4 a.m.•79 views

CVE-2024-49065

Microsoft Office Remote Code Execution Vulnerability

5.5CVSS5.9AI score0.00187EPSS

Total number of security vulnerabilities232