Office
by Microsoft
CVEs (1,069)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6172 | 0.04 | — | 0.54 | Dec 9, 2015 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka "Microsoft Office RCE Vulnerability." | |||
| CVE-2012-5672 | 0.04 | — | 0.13 | Oct 25, 2012 | Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data. | |||
| CVE-2010-2738 | 0.04 | — | 0.19 | Sep 15, 2010 | The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated… | |||
| CVE-2008-3471 | 0.04 | — | 0.52 | Oct 15, 2008 | Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac;… | |||
| CVE-2006-0002 | 0.04 | — | 0.46 | Jan 10, 2006 | Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME… | |||
| CVE-2002-0862 | 0.04 | — | 0.19 | Oct 4, 2002 | The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly… | |||
| CVE-2025-47175 | 0.03 | — | 0.02 | Jun 10, 2025 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-47171 | 0.03 | — | 0.01 | Jun 10, 2025 | Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally. | |||
| CVE-2025-47165 | 0.03 | — | 0.02 | Jun 10, 2025 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-47957 | 0.03 | — | 0.01 | Jun 10, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-27751 | 0.03 | — | 0.02 | Apr 8, 2025 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2015-6038 | 0.03 | — | 0.36 | Nov 11, 2015 | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow remote attackers to… | |||
| CVE-2013-1325 | 0.03 | — | 0.31 | Nov 13, 2013 | Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Heap Overwrite Vulnerability." | |||
| CVE-2013-1324 | 0.03 | — | 0.31 | Nov 13, 2013 | Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Stack Buffer Overwrite Vulnerability." | |||
| CVE-2013-0007 | 0.03 | — | 0.32 | Jan 9, 2013 | Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability." | |||
| CVE-2011-0097 | 0.03 | — | 0.38 | Apr 13, 2011 | Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to… | |||
| CVE-2011-0977 | 0.03 | — | 0.32 | Feb 10, 2011 | Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka… | |||
| CVE-2009-3135 | 0.03 | — | 0.36 | Nov 11, 2009 | Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a… | |||
| CVE-2009-1134 | 0.03 | — | 0.36 | Jun 10, 2009 | Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806)… | |||
| CVE-2009-0561 | 0.03 | — | 0.37 | Jun 10, 2009 | Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel… |
- CVE-2015-6172Dec 9, 2015risk 0.04cvss —epss 0.54
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka "Microsoft Office RCE Vulnerability."
- CVE-2012-5672Oct 25, 2012risk 0.04cvss —epss 0.13
Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
- CVE-2010-2738Sep 15, 2010risk 0.04cvss —epss 0.19
The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated…
- CVE-2008-3471Oct 15, 2008risk 0.04cvss —epss 0.52
Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac;…
- CVE-2006-0002Jan 10, 2006risk 0.04cvss —epss 0.46
Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME…
- CVE-2002-0862Oct 4, 2002risk 0.04cvss —epss 0.19
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly…
- CVE-2025-47175Jun 10, 2025risk 0.03cvss —epss 0.02
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
- CVE-2025-47171Jun 10, 2025risk 0.03cvss —epss 0.01
Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.
- CVE-2025-47165Jun 10, 2025risk 0.03cvss —epss 0.02
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2025-47957Jun 10, 2025risk 0.03cvss —epss 0.01
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-27751Apr 8, 2025risk 0.03cvss —epss 0.02
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2015-6038Nov 11, 2015risk 0.03cvss —epss 0.36
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow remote attackers to…
- CVE-2013-1325Nov 13, 2013risk 0.03cvss —epss 0.31
Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Heap Overwrite Vulnerability."
- CVE-2013-1324Nov 13, 2013risk 0.03cvss —epss 0.31
Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Stack Buffer Overwrite Vulnerability."
- CVE-2013-0007Jan 9, 2013risk 0.03cvss —epss 0.32
Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
- CVE-2011-0097Apr 13, 2011risk 0.03cvss —epss 0.38
Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to…
- CVE-2011-0977Feb 10, 2011risk 0.03cvss —epss 0.32
Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka…
- CVE-2009-3135Nov 11, 2009risk 0.03cvss —epss 0.36
Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a…
- CVE-2009-1134Jun 10, 2009risk 0.03cvss —epss 0.36
Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806)…
- CVE-2009-0561Jun 10, 2009risk 0.03cvss —epss 0.37
Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel…
Page 31 of 54