Office
by Microsoft
CVEs (1,069)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3234 | Med | 0.38 | 5.5 | 0.26 | Jun 16, 2016 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1… | ||
| CVE-2021-31178 | Med | 0.37 | 5.5 | 0.16 | May 11, 2021 | Microsoft Office Information Disclosure Vulnerability | ||
| CVE-2019-0540 | Med | 0.37 | 5.5 | 0.13 | Mar 5, 2019 | A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'. | ||
| CVE-2018-8382 | Med | 0.37 | 5.5 | 0.12 | Aug 15, 2018 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. | ||
| CVE-2017-11934 | Med | 0.37 | 5.5 | 0.13 | Dec 12, 2017 | Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability". | ||
| CVE-2017-0029 | Med | 0.37 | 5.5 | 0.16 | Mar 17, 2017 | Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability." | ||
| CVE-2016-7244 | Med | 0.37 | 5.5 | 0.16 | Nov 10, 2016 | Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability." | ||
| CVE-2016-3279 | Med | 0.37 | 5.5 | 0.16 | Jul 13, 2016 | Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and… | ||
| CVE-2026-44821 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | ||
| CVE-2026-35440 | Med | 0.36 | 5.5 | 0.00 | May 12, 2026 | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||
| CVE-2026-32085 | Med | 0.36 | 5.5 | 0.00 | Apr 14, 2026 | Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally. | ||
| CVE-2026-25180 | Med | 0.36 | 5.5 | 0.01 | Mar 10, 2026 | Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally. | ||
| CVE-2025-53799 | Med | 0.36 | 5.5 | 0.01 | Sep 9, 2025 | Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally. | ||
| CVE-2023-36009 | Med | 0.36 | 5.5 | 0.01 | Dec 12, 2023 | Microsoft Word Information Disclosure Vulnerability | ||
| CVE-2023-41764 | Med | 0.36 | 5.5 | 0.01 | Sep 12, 2023 | Microsoft Office Spoofing Vulnerability | ||
| CVE-2023-33162 | Med | 0.36 | 5.5 | 0.01 | Jul 11, 2023 | Microsoft Excel Information Disclosure Vulnerability | ||
| CVE-2023-23391 | Med | 0.36 | 5.5 | 0.01 | Mar 14, 2023 | Office for Android Spoofing Vulnerability | ||
| CVE-2023-21714 | Med | 0.36 | 5.5 | 0.01 | Feb 14, 2023 | Microsoft Office Information Disclosure Vulnerability | ||
| CVE-2022-41105 | Med | 0.36 | 5.5 | 0.01 | Nov 9, 2022 | Microsoft Excel Information Disclosure Vulnerability | ||
| CVE-2022-41104 | Med | 0.36 | 5.5 | 0.01 | Nov 9, 2022 | Microsoft Excel Security Feature Bypass Vulnerability |
- risk 0.38cvss 5.5epss 0.26
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1…
- risk 0.37cvss 5.5epss 0.16
Microsoft Office Information Disclosure Vulnerability
- risk 0.37cvss 5.5epss 0.13
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
- risk 0.37cvss 5.5epss 0.12
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
- risk 0.37cvss 5.5epss 0.13
Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability".
- risk 0.37cvss 5.5epss 0.16
Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."
- risk 0.37cvss 5.5epss 0.16
Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."
- risk 0.37cvss 5.5epss 0.16
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and…
- risk 0.36cvss 5.5epss 0.00
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Microsoft Word Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Microsoft Office Spoofing Vulnerability
- risk 0.36cvss 5.5epss 0.01
Microsoft Excel Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Office for Android Spoofing Vulnerability
- risk 0.36cvss 5.5epss 0.01
Microsoft Office Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Microsoft Excel Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Microsoft Excel Security Feature Bypass Vulnerability
Page 24 of 54