VYPR

Office

by Microsoft

CVEs (1,069)

  • CVE-2019-1155HigAug 14, 2019
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by…

  • CVE-2019-1035HigJun 12, 2019
    risk 0.51cvss 7.8epss 0.07

    A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.…

  • CVE-2019-1034HigJun 12, 2019
    risk 0.51cvss 7.8epss 0.05

    A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.…

  • CVE-2018-8412HigAug 15, 2018
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka "Microsoft (MAU) Office Elevation of Privilege Vulnerability." This affects Microsoft Office.

  • CVE-2018-0907HigMar 14, 2018
    risk 0.51cvss 7.8epss 0.06

    Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac allow a security feature bypass vulnerability due to how macro settings are enforced, aka "Microsoft Office…

  • CVE-2017-11884HigNov 15, 2017
    risk 0.51cvss 7.8epss 0.09

    Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11882.

  • CVE-2016-7275HigDec 20, 2016
    risk 0.51cvss 7.8epss 0.01

    Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."

  • CVE-2016-0057HigMar 9, 2016
    risk 0.51cvss 7.8epss 0.01

    Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not properly sign an unspecified binary file, which allows local users to gain privileges via a Trojan horse file with a crafted signature, aka "Microsoft Office Security Feature Bypass Vulnerability."

  • CVE-2026-42832HigMay 12, 2026
    risk 0.50cvss 7.7epss 0.00

    Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

  • CVE-2026-33821HigMay 12, 2026
    risk 0.50cvss 7.7epss 0.01

    Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

  • CVE-2021-38650HigSep 15, 2021
    risk 0.50cvss 7.6epss 0.01

    Microsoft Office Spoofing Vulnerability

  • CVE-2017-0014HigMar 17, 2017
    risk 0.50cvss 7.5epss 0.18

    The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a…

  • CVE-2025-26687HigApr 8, 2025
    risk 0.49cvss 7.5epss 0.01

    Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2024-30101HigJun 11, 2024
    risk 0.49cvss 7.5epss 0.02

    Microsoft Office Remote Code Execution Vulnerability

  • CVE-2023-36763HigSep 12, 2023
    risk 0.49cvss 7.5epss 0.02

    Microsoft Outlook Information Disclosure Vulnerability

  • CVE-2023-29335HigMay 9, 2023
    risk 0.49cvss 7.5epss 0.01

    Microsoft Word Security Feature Bypass Vulnerability

  • CVE-2022-44713HigDec 13, 2022
    risk 0.49cvss 7.5epss 0.01

    Microsoft Outlook for Mac Spoofing Vulnerability

  • CVE-2018-8310HigJul 11, 2018
    risk 0.49cvss 7.5epss 0.05

    A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office.

  • CVE-2016-0025HigJun 16, 2016
    risk 0.49cvss 7.3epss 0.17

    Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint…

  • CVE-2026-32156HigApr 14, 2026
    risk 0.48cvss 7.4epss 0.00

    Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.

Page 20 of 54