Office 365 ProPlus

CVEs (63)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2018-8597	Microsoft Office	0.02	—	0.28	Dec 12, 2018	A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is…
CVE-2018-8575	Microsoft Office	0.02	—	0.29	Nov 14, 2018	A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka "Microsoft Project Remote Code Execution Vulnerability." This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server.
CVE-2018-8502	Microsoft Office	0.02	—	0.24	Oct 10, 2018	A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in Protected View, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel.
CVE-2018-8501	Microsoft Office	0.02	—	0.30	Oct 10, 2018	A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Office 365 ProPlus, PowerPoint Viewer, Microsoft…
CVE-2020-0652	Microsoft Office Visio	0.01	—	0.17	Jan 14, 2020	A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Memory Corruption Vulnerability'.
CVE-2019-1464	Microsoft Office Visio	0.01	—	0.13	Dec 10, 2019	An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
CVE-2019-1461	Microsoft Word	0.01	—	0.17	Dec 10, 2019	A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service Vulnerability'.
CVE-2019-1446	Microsoft Excel	0.01	—	0.10	Nov 12, 2019	An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
CVE-2019-1264	Microsoft Office Visio	0.01	—	0.08	Sep 11, 2019	A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
CVE-2019-1263	Microsoft Excel	0.01	—	0.16	Sep 11, 2019	An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
CVE-2019-1112	Microsoft Excel	0.01	—	0.11	Jul 29, 2019	An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
CVE-2019-1109	Microsoft Office Visio	0.01	—	0.08	Jul 29, 2019	A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update…
CVE-2019-1084	Microsoft Exchange Server	0.01	—	0.09	Jul 15, 2019	An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to…
CVE-2019-1034	Microsoft Word	0.01	—	0.13	Jun 12, 2019	A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.…
CVE-2019-1035	Microsoft Word	0.01	—	0.12	Jun 12, 2019	A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.…
CVE-2018-8598	Microsoft Office	0.01	—	0.15	Dec 12, 2018	An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from…
CVE-2018-8546	Microsoft Office	0.01	—	0.17	Nov 14, 2018	A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.
CVE-2020-0697	Microsoft Office	0.00	—	0.00	Feb 11, 2020	An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM.To exploit the vulnerability, an authenticated attacker would need to place a specially…
CVE-2020-0696	Microsoft Outlook	0.00	—	0.04	Feb 11, 2020	A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.
CVE-2019-1463	Microsoft Access	0.00	—	0.02	Dec 10, 2019	An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1400.

CVE-2018-8597Dec 12, 2018
Microsoft
Office
risk 0.02cvss —epss 0.28
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is…
CVE-2018-8575Nov 14, 2018
Microsoft
Office
risk 0.02cvss —epss 0.29
A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka "Microsoft Project Remote Code Execution Vulnerability." This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server.
CVE-2018-8502Oct 10, 2018
Microsoft
Office
risk 0.02cvss —epss 0.24
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in Protected View, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel.
CVE-2018-8501Oct 10, 2018
Microsoft
Office
risk 0.02cvss —epss 0.30
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Office 365 ProPlus, PowerPoint Viewer, Microsoft…
CVE-2020-0652Jan 14, 2020
Microsoft
Office Visio
risk 0.01cvss —epss 0.17
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Memory Corruption Vulnerability'.
CVE-2019-1464Dec 10, 2019
Microsoft
Office Visio
risk 0.01cvss —epss 0.13
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
CVE-2019-1461Dec 10, 2019
Microsoft
Word
risk 0.01cvss —epss 0.17
A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service Vulnerability'.
CVE-2019-1446Nov 12, 2019
Microsoft
Excel
risk 0.01cvss —epss 0.10
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
CVE-2019-1264Sep 11, 2019
Microsoft
Office Visio
risk 0.01cvss —epss 0.08
A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
CVE-2019-1263Sep 11, 2019
Microsoft
Excel
risk 0.01cvss —epss 0.16
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
CVE-2019-1112Jul 29, 2019
Microsoft
Excel
risk 0.01cvss —epss 0.11
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
CVE-2019-1109Jul 29, 2019
Microsoft
Office Visio
risk 0.01cvss —epss 0.08
A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update…
CVE-2019-1084Jul 15, 2019
Microsoft
Exchange Server
risk 0.01cvss —epss 0.09
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to…
CVE-2019-1034Jun 12, 2019
Microsoft
Word
risk 0.01cvss —epss 0.13
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.…
CVE-2019-1035Jun 12, 2019
Microsoft
Word
risk 0.01cvss —epss 0.12
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.…
CVE-2018-8598Dec 12, 2018
Microsoft
Office
risk 0.01cvss —epss 0.15
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from…
CVE-2018-8546Nov 14, 2018
Microsoft
Office
risk 0.01cvss —epss 0.17
A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.
CVE-2020-0697Feb 11, 2020
Microsoft
Office
risk 0.00cvss —epss 0.00
An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM.To exploit the vulnerability, an authenticated attacker would need to place a specially…
CVE-2020-0696Feb 11, 2020
Microsoft
Outlook
risk 0.00cvss —epss 0.04
A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.
CVE-2019-1463Dec 10, 2019
Microsoft
Access
risk 0.00cvss —epss 0.02
An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1400.

Page 3 of 4