Office
by Microsoft
CVEs (1,069)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-1155 | | High | 0.51 | 7.8 | 0.04 | | Aug 14, 2019 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by… |
| CVE-2019-1035 | | High | 0.51 | 7.8 | 0.07 | | Jun 12, 2019 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.… |
| CVE-2019-1034 | | High | 0.51 | 7.8 | 0.05 | | Jun 12, 2019 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.… |
| CVE-2018-8412 | | High | 0.51 | 7.8 | 0.01 | | Aug 15, 2018 | An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka "Microsoft (MAU) Office Elevation of Privilege Vulnerability." This affects Microsoft Office. |
| CVE-2018-0907 | | High | 0.51 | 7.8 | 0.06 | | Mar 14, 2018 | Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac allow a security feature bypass vulnerability due to how macro settings are enforced, aka "Microsoft Office… |
| CVE-2017-11884 | | High | 0.51 | 7.8 | 0.09 | | Nov 15, 2017 | Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11882. |
| CVE-2016-7275 | | High | 0.51 | 7.8 | 0.01 | | Dec 20, 2016 | Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability." |
| CVE-2016-0057 | | High | 0.51 | 7.8 | 0.01 | | Mar 9, 2016 | Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not properly sign an unspecified binary file, which allows local users to gain privileges via a Trojan horse file with a crafted signature, aka "Microsoft Office Security Feature Bypass Vulnerability." |
| CVE-2026-42832 | | High | 0.50 | 7.7 | 0.00 | | May 12, 2026 | Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally. |
| CVE-2026-33821 | | High | 0.50 | 7.7 | 0.01 | | May 12, 2026 | Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network. |
| CVE-2021-38650 | | High | 0.50 | 7.6 | 0.01 | | Sep 15, 2021 | Microsoft Office Spoofing Vulnerability |
| CVE-2017-0014 | | High | 0.50 | 7.5 | 0.18 | | Mar 17, 2017 | The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a… |
| CVE-2025-26687 | | High | 0.49 | 7.5 | 0.01 | | Apr 8, 2025 | Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2024-30101 | | High | 0.49 | 7.5 | 0.02 | | Jun 11, 2024 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2023-36763 | | High | 0.49 | 7.5 | 0.02 | | Sep 12, 2023 | Microsoft Outlook Information Disclosure Vulnerability |
| CVE-2023-29335 | | High | 0.49 | 7.5 | 0.01 | | May 9, 2023 | Microsoft Word Security Feature Bypass Vulnerability |
| CVE-2022-44713 | | High | 0.49 | 7.5 | 0.01 | | Dec 13, 2022 | Microsoft Outlook for Mac Spoofing Vulnerability |
| CVE-2018-8310 | | High | 0.49 | 7.5 | 0.05 | | Jul 11, 2018 | A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office. |
| CVE-2016-0025 | | High | 0.49 | 7.3 | 0.17 | | Jun 16, 2016 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint… |
| CVE-2026-32156 | | High | 0.48 | 7.4 | 0.00 | | Apr 14, 2026 | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally. |