Office
by Microsoft
CVEs (1,069)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-28452 | | Hig | 0.46 | 7.1 | 0.01 | | Apr 13, 2021 | Microsoft Outlook Memory Corruption Vulnerability |
| CVE-2021-27055 | | Hig | 0.46 | 7.0 | 0.02 | | Mar 11, 2021 | Microsoft Visio Security Feature Bypass Vulnerability |
| CVE-2020-16934 | | Hig | 0.46 | 7.0 | 0.02 | | Oct 16, 2020 | An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges. To exploit this vulnerability, an attacker would need to… |
| CVE-2020-16933 | | Hig | 0.46 | 7.0 | 0.03 | | Oct 16, 2020 | A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.… |
| CVE-2023-36413 | | Med | 0.45 | 6.5 | 0.30 | | Nov 14, 2023 | Microsoft Office Security Feature Bypass Vulnerability |
| CVE-2023-35636 | | Med | 0.44 | 6.5 | 0.18 | | Dec 12, 2023 | Microsoft Outlook Information Disclosure Vulnerability |
| CVE-2023-33153 | | Med | 0.44 | 6.8 | 0.01 | | Jul 11, 2023 | Microsoft Outlook Remote Code Execution Vulnerability |
| CVE-2020-17063 | | Med | 0.44 | 6.8 | 0.01 | | Nov 11, 2020 | Microsoft Office Online Spoofing Vulnerability |
| CVE-2016-7257 | | Med | 0.44 | 6.5 | 0.23 | | Dec 20, 2016 | The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure… |
| CVE-2016-7233 | | Med | 0.44 | 6.5 | 0.22 | | Nov 10, 2016 | Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information… |
| CVE-2023-33151 | | Med | 0.43 | 6.5 | 0.03 | | Jul 11, 2023 | Microsoft Outlook Spoofing Vulnerability |
| CVE-2020-17119 | | Med | 0.43 | 6.5 | 0.04 | | Dec 10, 2020 | Microsoft Outlook Information Disclosure Vulnerability |
| CVE-2019-0559 | | Med | 0.43 | 6.5 | 0.07 | | Jan 8, 2019 | An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. |
| CVE-2018-8579 | | Med | 0.43 | 6.5 | 0.06 | | Nov 14, 2018 | An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558. |
| CVE-2018-8558 | | Med | 0.43 | 6.5 | 0.06 | | Nov 14, 2018 | An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office.… |
| CVE-2018-0950 | | Med | 0.43 | 6.5 | 0.09 | | Apr 12, 2018 | An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This… |
| CVE-2017-11939 | | Med | 0.43 | 6.5 | 0.06 | | Dec 12, 2017 | Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability". |
| CVE-2017-8534 | | Med | 0.43 | 6.5 | 0.06 | | Jun 15, 2017 | Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents,… |
| CVE-2017-8533 | | Med | 0.43 | 6.5 | 0.08 | | Jun 15, 2017 | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure… |
| CVE-2017-8532 | | Med | 0.43 | 6.5 | 0.07 | | Jun 15, 2017 | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure… |