Word
by Microsoft
CVEs (269)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-17020 | 0.00 | — | 0.01 | Nov 11, 2020 | Microsoft Word Security Feature Bypass Vulnerability | |||
| CVE-2020-16933 | 0.00 | — | 0.03 | Oct 16, 2020 | A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.… | |||
| CVE-2003-0664 | 0.00 | — | 0.04 | Oct 20, 2003 | Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document. | |||
| CVE-2001-0628 | 0.00 | — | 0.02 | Aug 14, 2001 | Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user. | |||
| CVE-2001-0501 | 0.00 | — | 0.02 | Jul 21, 2001 | Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner. | |||
| CVE-2001-0240 | 0.00 | — | 0.01 | Jun 27, 2001 | Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro. | |||
| CVE-2000-0765 | 0.00 | — | 0.04 | Oct 20, 2000 | Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability. | |||
| CVE-2000-0088 | 0.00 | — | 0.02 | Jan 20, 2000 | Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability. | |||
| CVE-1999-0354 | 0.00 | — | 0.05 | Nov 1, 1999 | Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious… |
- CVE-2020-17020Nov 11, 2020risk 0.00cvss —epss 0.01
Microsoft Word Security Feature Bypass Vulnerability
- CVE-2020-16933Oct 16, 2020risk 0.00cvss —epss 0.03
A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.…
- CVE-2003-0664Oct 20, 2003risk 0.00cvss —epss 0.04
Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
- CVE-2001-0628Aug 14, 2001risk 0.00cvss —epss 0.02
Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
- CVE-2001-0501Jul 21, 2001risk 0.00cvss —epss 0.02
Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
- CVE-2001-0240Jun 27, 2001risk 0.00cvss —epss 0.01
Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
- CVE-2000-0765Oct 20, 2000risk 0.00cvss —epss 0.04
Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
- CVE-2000-0088Jan 20, 2000risk 0.00cvss —epss 0.02
Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.
- CVE-1999-0354Nov 1, 1999risk 0.00cvss —epss 0.05
Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious…
Page 14 of 14