Word
by Microsoft
CVEs (269)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7268 | Hig | 0.48 | 7.1 | 0.23 | Dec 20, 2016 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory… | ||
| CVE-2026-41101 | Hig | 0.46 | 7.1 | 0.00 | May 12, 2026 | Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally. | ||
| CVE-2026-26133 | Hig | 0.46 | 7.1 | 0.00 | Mar 16, 2026 | AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2016-7233 | Med | 0.44 | 6.5 | 0.22 | Nov 10, 2016 | Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information… | ||
| CVE-2018-8160 | Med | 0.43 | 6.5 | 0.08 | May 9, 2018 | An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office. | ||
| CVE-2018-0950 | Med | 0.43 | 6.5 | 0.09 | Apr 12, 2018 | An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This… | ||
| CVE-2017-0105 | Med | 0.38 | 5.5 | 0.30 | Mar 17, 2017 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a… | ||
| CVE-2016-3234 | Med | 0.38 | 5.5 | 0.26 | Jun 16, 2016 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1… | ||
| CVE-2017-0029 | Med | 0.37 | 5.5 | 0.16 | Mar 17, 2017 | Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability." | ||
| CVE-2016-3279 | Med | 0.37 | 5.5 | 0.16 | Jul 13, 2016 | Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and… | ||
| CVE-2026-35440 | Med | 0.36 | 5.5 | 0.00 | May 12, 2026 | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||
| CVE-2023-36009 | Med | 0.36 | 5.5 | 0.01 | Dec 12, 2023 | Microsoft Word Information Disclosure Vulnerability | ||
| CVE-2022-41103 | Med | 0.36 | 5.5 | 0.01 | Nov 9, 2022 | Microsoft Word Information Disclosure Vulnerability | ||
| CVE-2022-41060 | Med | 0.36 | 5.5 | 0.01 | Nov 9, 2022 | Microsoft Word Information Disclosure Vulnerability | ||
| CVE-2022-29107 | Med | 0.36 | 5.5 | 0.03 | May 10, 2022 | Microsoft Office Security Feature Bypass Vulnerability | ||
| CVE-2022-24511 | Med | 0.36 | 5.5 | 0.01 | Mar 9, 2022 | Microsoft Office Word Tampering Vulnerability | ||
| CVE-2022-24462 | Med | 0.36 | 5.5 | 0.02 | Mar 9, 2022 | Microsoft Word Security Feature Bypass Vulnerability | ||
| CVE-2018-8378 | Med | 0.36 | 5.5 | 0.07 | Aug 15, 2018 | An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft… | ||
| CVE-2016-0012 | Med | 0.29 | 4.3 | 0.11 | Jan 13, 2016 | Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT… | ||
| CVE-2026-40421 | Med | 0.28 | 4.3 | 0.01 | May 12, 2026 | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. |
- risk 0.48cvss 7.1epss 0.23
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory…
- risk 0.46cvss 7.1epss 0.00
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
- risk 0.46cvss 7.1epss 0.00
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
- risk 0.44cvss 6.5epss 0.22
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information…
- risk 0.43cvss 6.5epss 0.08
An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office.
- risk 0.43cvss 6.5epss 0.09
An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This…
- risk 0.38cvss 5.5epss 0.30
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a…
- risk 0.38cvss 5.5epss 0.26
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1…
- risk 0.37cvss 5.5epss 0.16
Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."
- risk 0.37cvss 5.5epss 0.16
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and…
- risk 0.36cvss 5.5epss 0.00
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Microsoft Word Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Microsoft Word Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Microsoft Word Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.03
Microsoft Office Security Feature Bypass Vulnerability
- risk 0.36cvss 5.5epss 0.01
Microsoft Office Word Tampering Vulnerability
- risk 0.36cvss 5.5epss 0.02
Microsoft Word Security Feature Bypass Vulnerability
- risk 0.36cvss 5.5epss 0.07
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft…
- risk 0.29cvss 4.3epss 0.11
Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT…
- risk 0.28cvss 4.3epss 0.01
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Page 4 of 14