Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
MicrosoftWord

232 matches found

CVE
CVEadded 2018/01/22 11:29 p.m.64 views

CVE-2018-0848

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is u...

9.3CVSS8.3AI score0.36911EPSS
CVE
CVEadded 2003/12/15 5:0 a.m.63 views

CVE-2003-0820

Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.

7.5CVSS8AI score0.2731EPSS
CVE
CVEadded 2010/10/13 7:0 p.m.63 views

CVE-2010-3214

Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote a...

9.3CVSS7.9AI score0.61262EPSS
CVE
CVEadded 2015/11/11 12:59 p.m.63 views

CVE-2015-6092

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.28216EPSS
CVE
CVEadded 2007/05/08 11:19 p.m.62 views

CVE-2007-1202

Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrar...

6.8CVSS7.3AI score0.58163EPSS
CVE
CVEadded 2014/04/08 11:55 p.m.62 views

CVE-2014-1758

Stack-based buffer overflow in Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Word Stack Overflow Vulnerability."

9.3CVSS8.7AI score0.32468EPSS
CVE
CVEadded 2015/04/14 8:59 p.m.62 views

CVE-2015-1649

Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office doc...

9.3CVSS7.5AI score0.55659EPSS
CVE
CVEadded 2015/07/14 9:59 p.m.62 views

CVE-2015-2379

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vul...

9.3CVSS7.8AI score0.31321EPSS
CVE
CVEadded 2007/02/03 1:28 a.m.61 views

CVE-2007-0671

Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.

9.3CVSS7.5AI score0.62106EPSS
CVE
CVEadded 2007/04/10 11:19 p.m.61 views

CVE-2007-1910

Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.

6.8CVSS7.8AI score0.36367EPSS
CVE
CVEadded 2014/01/15 4:13 p.m.61 views

CVE-2014-0260

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of se...

9.3CVSS8.7AI score0.28644EPSS
CVE
CVEadded 2016/02/10 11:59 a.m.61 views

CVE-2016-0056

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.7AI score0.24713EPSS
CVE
CVEadded 2013/09/11 2:3 p.m.60 views

CVE-2013-3847

Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corrupti...

9.3CVSS7.5AI score0.61623EPSS
CVE
CVEadded 2018/07/11 12:29 a.m.60 views

CVE-2018-8310

A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office.

7.5CVSS7.2AI score0.07474EPSS
CVE
CVEadded 2013/09/11 2:3 p.m.59 views

CVE-2013-3855

Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."

9.3CVSS7.6AI score0.52849EPSS
CVE
CVEadded 2015/02/11 3:1 a.m.59 views

CVE-2015-0064

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Offi...

9.3CVSS8AI score0.66307EPSS
CVE
CVEadded 2016/02/10 11:59 a.m.59 views

CVE-2016-0053

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute ...

9.3CVSS7.6AI score0.22765EPSS
CVE
CVEadded 2025/06/10 5:23 p.m.59 views

CVE-2025-47168

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

7.8CVSS8AI score0.00068EPSS
CVE
CVEadded 2002/03/09 5:0 a.m.57 views

CVE-2001-0501

Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.

4.6CVSS6.7AI score0.00781EPSS
CVE
CVEadded 2007/02/11 9:28 p.m.57 views

CVE-2007-0870

Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.

7.6CVSS6.2AI score0.76277EPSS
CVE
CVEadded 2014/01/15 4:13 p.m.57 views

CVE-2014-0259

Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."

9.3CVSS8.6AI score0.30304EPSS
CVE
CVEadded 2014/11/11 10:55 p.m.56 views

CVE-2014-6335

Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Invalid Pointer Remote Code Execution Vulnerability."

9.3CVSS8.8AI score0.45984EPSS
CVE
CVEadded 2015/07/14 9:59 p.m.56 views

CVE-2015-2380

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, and Word 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.8AI score0.31321EPSS
CVE
CVEadded 2010/08/11 6:47 p.m.55 views

CVE-2010-1900

Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word...

9.3CVSS7.6AI score0.43664EPSS
CVE
CVEadded 2010/10/13 7:0 p.m.55 views

CVE-2010-3216

Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."

9.3CVSS7.5AI score0.57317EPSS
CVE
CVEadded 2015/12/09 11:59 a.m.55 views

CVE-2015-6124

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.34197EPSS
CVE
CVEadded 2010/08/11 6:47 p.m.54 views

CVE-2010-1902

Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbit...

9.3CVSS7.9AI score0.58304EPSS
CVE
CVEadded 2015/03/11 10:59 a.m.54 views

CVE-2015-0086

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold and SP1, Word 2013 RT Gold and SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2,...

9.3CVSS7.6AI score0.27375EPSS
CVE
CVEadded 2015/08/15 12:59 a.m.54 views

CVE-2015-2469

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office for Mac 2011 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.66829EPSS
CVE
CVEadded 2006/02/28 11:2 a.m.53 views

CVE-2006-0935

Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.

2.6CVSS6.5AI score0.1028EPSS
CVE
CVEadded 2006/12/14 6:28 p.m.53 views

CVE-2006-6561

Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-64...

9.3CVSS7.1AI score0.76277EPSS
CVE
CVEadded 2013/09/11 2:3 p.m.53 views

CVE-2013-3857

Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of ...

9.3CVSS7.6AI score0.5796EPSS
CVE
CVEadded 2002/03/09 5:0 a.m.52 views

CVE-2001-0628

Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.

7.2CVSS7.3AI score0.02102EPSS
CVE
CVEadded 2002/06/25 4:0 a.m.52 views

CVE-2002-1056

Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or rep...

7.5CVSS7.2AI score0.16381EPSS
CVE
CVEadded 2003/10/20 4:0 a.m.52 views

CVE-2003-0664

Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.

7.5CVSS7.2AI score0.07251EPSS
CVE
CVEadded 2010/08/11 6:47 p.m.52 views

CVE-2010-1903

Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."

9.3CVSS7.6AI score0.55117EPSS
CVE
CVEadded 2010/10/13 7:0 p.m.52 views

CVE-2010-3219

Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."

9.3CVSS7.4AI score0.56564EPSS
CVE
CVEadded 2010/10/13 7:0 p.m.52 views

CVE-2010-3220

Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."

9.3CVSS7.4AI score0.54346EPSS
CVE
CVEadded 2013/09/11 2:3 p.m.52 views

CVE-2013-3858

Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corrupti...

9.3CVSS7.5AI score0.61623EPSS
CVE
CVEadded 2015/02/11 3:1 a.m.52 views

CVE-2015-0065

Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "OneTableDocumentStream Remote Code Execution Vulnerability."

9.3CVSS8.2AI score0.68596EPSS
CVE
CVEadded 2025/06/10 5:23 p.m.52 views

CVE-2025-47169

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

7.8CVSS7.9AI score0.00068EPSS
CVE
CVEadded 2000/07/12 4:0 a.m.51 views

CVE-2000-0419

The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.

7.5CVSS6.7AI score0.10948EPSS
CVE
CVEadded 2003/12/15 5:0 a.m.51 views

CVE-2003-0821

Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.

7.5CVSS7.6AI score0.14384EPSS
CVE
CVEadded 2005/07/12 4:0 a.m.51 views

CVE-2005-0564

Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.

7.5CVSS7.9AI score0.46092EPSS
CVE
CVEadded 2006/10/10 10:7 p.m.51 views

CVE-2006-3651

Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.

9.3CVSS7.2AI score0.59337EPSS
CVE
CVEadded 2010/10/13 7:0 p.m.51 views

CVE-2010-3221

Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."

9.3CVSS7.5AI score0.54346EPSS
CVE
CVEadded 2014/06/11 4:56 a.m.51 views

CVE-2014-2778

Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a (1) .doc or (2) .docx document, aka "Embedded Font Vulnerability."

9.3CVSS8.7AI score0.40401EPSS
CVE
CVEadded 2014/12/11 12:59 a.m.51 views

CVE-2014-6356

Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Invalid Index Remote Code Execution Vulnerability."

9.3CVSS7.9AI score0.22725EPSS
CVE
CVEadded 2000/10/20 4:0 a.m.50 views

CVE-2000-0765

Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.

5.1CVSS7.7AI score0.10691EPSS
CVE
CVEadded 2006/10/10 10:7 p.m.49 views

CVE-2006-4693

Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.

9.3CVSS7.4AI score0.59337EPSS
Total number of security vulnerabilities232