Word
by Microsoft
CVEs (269)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-0821 | 0.02 | — | 0.19 | Dec 15, 2003 | Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model. | |||
| CVE-2000-0419 | 0.02 | — | 0.21 | May 11, 2000 | The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability. | |||
| CVE-2022-41031 | 0.01 | — | 0.01 | Oct 11, 2022 | Microsoft Word Remote Code Execution Vulnerability | |||
| CVE-2021-38656 | 0.01 | — | 0.05 | Sep 15, 2021 | Microsoft Word Remote Code Execution Vulnerability | |||
| CVE-2021-36941 | 0.01 | — | 0.02 | Aug 12, 2021 | Microsoft Word Remote Code Execution Vulnerability | |||
| CVE-2021-31180 | 0.01 | — | 0.02 | May 11, 2021 | Microsoft Office Graphics Remote Code Execution Vulnerability | |||
| CVE-2021-28453 | 0.01 | — | 0.04 | Apr 13, 2021 | Microsoft Word Remote Code Execution Vulnerability | |||
| CVE-2021-1716 | 0.01 | — | 0.04 | Jan 12, 2021 | Microsoft Word Remote Code Execution Vulnerability | |||
| CVE-2020-1338 | 0.01 | — | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current… | |||
| CVE-2020-1218 | 0.01 | — | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current… | |||
| CVE-2020-1229 | 0.01 | — | 0.04 | Jun 9, 2020 | A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'. | |||
| CVE-2019-1461 | 0.01 | — | 0.05 | Dec 10, 2019 | A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service Vulnerability'. | |||
| CVE-2019-1201 | 0.01 | — | 0.05 | Aug 14, 2019 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.… | |||
| CVE-2019-1205 | 0.01 | — | 0.04 | Aug 14, 2019 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.… | |||
| CVE-2019-1034 | 0.01 | — | 0.05 | Jun 12, 2019 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.… | |||
| CVE-2019-1035 | 0.01 | — | 0.07 | Jun 12, 2019 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.… | |||
| CVE-2019-0561 | 0.01 | — | 0.08 | Jan 8, 2019 | An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word. | |||
| CVE-2015-6124 | 0.01 | — | 0.14 | Dec 9, 2015 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | |||
| CVE-2015-6092 | 0.01 | — | 0.15 | Nov 11, 2015 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption… | |||
| CVE-2015-6091 | 0.01 | — | 0.15 | Nov 11, 2015 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." |
- CVE-2003-0821Dec 15, 2003risk 0.02cvss —epss 0.19
Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
- CVE-2000-0419May 11, 2000risk 0.02cvss —epss 0.21
The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.
- CVE-2022-41031Oct 11, 2022risk 0.01cvss —epss 0.01
Microsoft Word Remote Code Execution Vulnerability
- CVE-2021-38656Sep 15, 2021risk 0.01cvss —epss 0.05
Microsoft Word Remote Code Execution Vulnerability
- CVE-2021-36941Aug 12, 2021risk 0.01cvss —epss 0.02
Microsoft Word Remote Code Execution Vulnerability
- CVE-2021-31180May 11, 2021risk 0.01cvss —epss 0.02
Microsoft Office Graphics Remote Code Execution Vulnerability
- CVE-2021-28453Apr 13, 2021risk 0.01cvss —epss 0.04
Microsoft Word Remote Code Execution Vulnerability
- CVE-2021-1716Jan 12, 2021risk 0.01cvss —epss 0.04
Microsoft Word Remote Code Execution Vulnerability
- CVE-2020-1338Sep 11, 2020risk 0.01cvss —epss 0.04
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current…
- CVE-2020-1218Sep 11, 2020risk 0.01cvss —epss 0.04
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current…
- CVE-2020-1229Jun 9, 2020risk 0.01cvss —epss 0.04
A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.
- CVE-2019-1461Dec 10, 2019risk 0.01cvss —epss 0.05
A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service Vulnerability'.
- CVE-2019-1201Aug 14, 2019risk 0.01cvss —epss 0.05
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.…
- CVE-2019-1205Aug 14, 2019risk 0.01cvss —epss 0.04
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.…
- CVE-2019-1034Jun 12, 2019risk 0.01cvss —epss 0.05
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.…
- CVE-2019-1035Jun 12, 2019risk 0.01cvss —epss 0.07
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.…
- CVE-2019-0561Jan 8, 2019risk 0.01cvss —epss 0.08
An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word.
- CVE-2015-6124Dec 9, 2015risk 0.01cvss —epss 0.14
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
- CVE-2015-6092Nov 11, 2015risk 0.01cvss —epss 0.15
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption…
- CVE-2015-6091Nov 11, 2015risk 0.01cvss —epss 0.15
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Page 10 of 14