Office
by Microsoft
CVEs (1,069)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-36762 | Hig | 0.48 | 7.3 | 0.01 | Sep 12, 2023 | Microsoft Word Remote Code Execution Vulnerability | ||
| CVE-2022-33631 | Hig | 0.48 | 7.3 | 0.01 | Aug 9, 2022 | Microsoft Excel Security Feature Bypass Vulnerability | ||
| CVE-2021-31949 | Hig | 0.48 | 7.3 | 0.03 | Jun 8, 2021 | Microsoft Outlook Remote Code Execution Vulnerability | ||
| CVE-2016-7291 | Hig | 0.48 | 7.1 | 0.23 | Dec 20, 2016 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a… | ||
| CVE-2016-7290 | Hig | 0.48 | 7.1 | 0.23 | Dec 20, 2016 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a… | ||
| CVE-2016-7276 | Hig | 0.48 | 7.1 | 0.25 | Dec 20, 2016 | Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office… | ||
| CVE-2016-7268 | Hig | 0.48 | 7.1 | 0.23 | Dec 20, 2016 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory… | ||
| CVE-2021-40481 | Hig | 0.47 | 7.1 | 0.06 | Oct 13, 2021 | Microsoft Office Visio Remote Code Execution Vulnerability | ||
| CVE-2026-44818 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-42825 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34340 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-33839 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32188 | Hig | 0.46 | 7.1 | 0.00 | Apr 14, 2026 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||
| CVE-2026-32150 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-24285 | Hig | 0.46 | 7.0 | 0.00 | Mar 10, 2026 | Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. | ||
| CVE-2023-36568 | Hig | 0.46 | 7.0 | 0.00 | Oct 10, 2023 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | ||
| CVE-2023-36565 | Hig | 0.46 | 7.0 | 0.00 | Oct 10, 2023 | Microsoft Office Graphics Elevation of Privilege Vulnerability | ||
| CVE-2023-33152 | Hig | 0.46 | 7.0 | 0.00 | Jul 11, 2023 | Microsoft ActiveX Remote Code Execution Vulnerability | ||
| CVE-2023-23398 | Hig | 0.46 | 7.1 | 0.01 | Mar 14, 2023 | Microsoft Excel Spoofing Vulnerability | ||
| CVE-2023-21741 | Hig | 0.46 | 7.1 | 0.02 | Jan 10, 2023 | Microsoft Office Visio Information Disclosure Vulnerability |
- risk 0.48cvss 7.3epss 0.01
Microsoft Word Remote Code Execution Vulnerability
- risk 0.48cvss 7.3epss 0.01
Microsoft Excel Security Feature Bypass Vulnerability
- risk 0.48cvss 7.3epss 0.03
Microsoft Outlook Remote Code Execution Vulnerability
- risk 0.48cvss 7.1epss 0.23
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a…
- risk 0.48cvss 7.1epss 0.23
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a…
- risk 0.48cvss 7.1epss 0.25
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office…
- risk 0.48cvss 7.1epss 0.23
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory…
- risk 0.47cvss 7.1epss 0.06
Microsoft Office Visio Remote Code Execution Vulnerability
- risk 0.46cvss 7.0epss 0.00
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.1epss 0.00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
- risk 0.46cvss 7.0epss 0.00
Microsoft Office Graphics Elevation of Privilege Vulnerability
- risk 0.46cvss 7.0epss 0.00
Microsoft ActiveX Remote Code Execution Vulnerability
- risk 0.46cvss 7.1epss 0.01
Microsoft Excel Spoofing Vulnerability
- risk 0.46cvss 7.1epss 0.02
Microsoft Office Visio Information Disclosure Vulnerability
Page 21 of 54