Office
by Microsoft
CVEs (1,069)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8531 | Med | 0.43 | 6.5 | 0.07 | Jun 15, 2017 | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows improper… | ||
| CVE-2016-3209 | Med | 0.43 | 5.5 | 0.54 | Oct 14, 2016 | Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for… | ||
| CVE-2016-0141 | Med | 0.43 | 6.5 | 0.05 | Sep 14, 2016 | The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive information via unspecified vectors, aka "Microsoft Information Disclosure… | ||
| CVE-2008-5180 | Med | 0.43 | 5.3 | 0.68 | Nov 20, 2008 | Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions. | ||
| CVE-2026-34350 | Med | 0.42 | 6.5 | 0.01 | May 12, 2026 | Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network. | ||
| CVE-2023-36893 | Med | 0.42 | 6.5 | 0.02 | Aug 8, 2023 | Microsoft Outlook Spoofing Vulnerability | ||
| CVE-2022-38001 | Med | 0.42 | 6.5 | 0.01 | Oct 11, 2022 | Microsoft Office Spoofing Vulnerability | ||
| CVE-2022-26934 | Med | 0.42 | 6.5 | 0.03 | May 10, 2022 | Windows Graphics Component Information Disclosure Vulnerability | ||
| CVE-2021-42293 | Med | 0.42 | 6.5 | 0.03 | Dec 15, 2021 | Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability | ||
| CVE-2026-41614 | Med | 0.40 | 6.2 | 0.00 | May 12, 2026 | Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally. | ||
| CVE-2021-41368 | Med | 0.40 | 6.1 | 0.04 | Nov 10, 2021 | Microsoft Access Remote Code Execution Vulnerability | ||
| CVE-2017-8550 | Med | 0.40 | 5.4 | 0.22 | Jun 15, 2017 | A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability". | ||
| CVE-2017-0060 | Med | 0.40 | 5.5 | 0.16 | Mar 17, 2017 | The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from… | ||
| CVE-2019-1153 | Med | 0.39 | 5.5 | 0.03 | Aug 14, 2019 | An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this… | ||
| CVE-2019-1148 | Med | 0.39 | 5.5 | 0.03 | Aug 14, 2019 | An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this… | ||
| CVE-2018-8546 | Med | 0.39 | 5.9 | 0.05 | Nov 14, 2018 | A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype. | ||
| CVE-2017-0194 | Med | 0.38 | 5.5 | 0.26 | Apr 12, 2017 | Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." | ||
| CVE-2017-0105 | Med | 0.38 | 5.5 | 0.30 | Mar 17, 2017 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a… | ||
| CVE-2016-3263 | Med | 0.38 | 5.5 | 0.32 | Oct 14, 2016 | Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for… | ||
| CVE-2016-3262 | Med | 0.38 | 5.5 | 0.32 | Oct 14, 2016 | Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for… |
- risk 0.43cvss 6.5epss 0.07
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows improper…
- risk 0.43cvss 5.5epss 0.54
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for…
- risk 0.43cvss 6.5epss 0.05
The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive information via unspecified vectors, aka "Microsoft Information Disclosure…
- risk 0.43cvss 5.3epss 0.68
Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
- risk 0.42cvss 6.5epss 0.01
Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.
- risk 0.42cvss 6.5epss 0.02
Microsoft Outlook Spoofing Vulnerability
- risk 0.42cvss 6.5epss 0.01
Microsoft Office Spoofing Vulnerability
- risk 0.42cvss 6.5epss 0.03
Windows Graphics Component Information Disclosure Vulnerability
- risk 0.42cvss 6.5epss 0.03
Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability
- risk 0.40cvss 6.2epss 0.00
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
- risk 0.40cvss 6.1epss 0.04
Microsoft Access Remote Code Execution Vulnerability
- risk 0.40cvss 5.4epss 0.22
A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".
- risk 0.40cvss 5.5epss 0.16
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from…
- risk 0.39cvss 5.5epss 0.03
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this…
- risk 0.39cvss 5.5epss 0.03
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this…
- risk 0.39cvss 5.9epss 0.05
A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.
- risk 0.38cvss 5.5epss 0.26
Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
- risk 0.38cvss 5.5epss 0.30
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a…
- risk 0.38cvss 5.5epss 0.32
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for…
- risk 0.38cvss 5.5epss 0.32
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for…
Page 23 of 54