Office
by Microsoft
CVEs (1,071)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-3859 | 0.00 | — | 0.02 | Sep 11, 2013 | Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability." | |||
| CVE-2012-1894 | 0.00 | — | 0.02 | Jul 10, 2012 | Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for… | |||
| CVE-2008-7217 | 0.00 | — | 0.01 | Sep 13, 2009 | Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to… | |||
| CVE-2008-3003 | 0.00 | — | 0.02 | Aug 12, 2008 | Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote… | |||
| CVE-2007-5861 | 0.00 | — | 0.02 | Dec 19, 2007 | Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer. | |||
| CVE-2006-0008 | 0.00 | — | 0.02 | Feb 14, 2006 | The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License… | |||
| CVE-2005-0545 | 0.00 | — | 0.02 | May 2, 2005 | Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this… | |||
| CVE-2002-0615 | 0.00 | — | 0.06 | Jul 3, 2002 | The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation". | |||
| CVE-2000-0088 | 0.00 | — | 0.02 | Jan 20, 2000 | Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability. | |||
| CVE-1999-1259 | 0.00 | — | 0.03 | Dec 31, 1999 | Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information. | |||
| CVE-1999-0384 | 0.00 | — | 0.01 | Jan 1, 1999 | The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. |
- CVE-2013-3859Sep 11, 2013risk 0.00cvss —epss 0.02
Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability."
- CVE-2012-1894Jul 10, 2012risk 0.00cvss —epss 0.02
Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for…
- CVE-2008-7217Sep 13, 2009risk 0.00cvss —epss 0.01
Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to…
- CVE-2008-3003Aug 12, 2008risk 0.00cvss —epss 0.02
Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote…
- CVE-2007-5861Dec 19, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer.
- CVE-2006-0008Feb 14, 2006risk 0.00cvss —epss 0.02
The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License…
- CVE-2005-0545May 2, 2005risk 0.00cvss —epss 0.02
Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this…
- CVE-2002-0615Jul 3, 2002risk 0.00cvss —epss 0.06
The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".
- CVE-2000-0088Jan 20, 2000risk 0.00cvss —epss 0.02
Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.
- CVE-1999-1259Dec 31, 1999risk 0.00cvss —epss 0.03
Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.
- CVE-1999-0384Jan 1, 1999risk 0.00cvss —epss 0.01
The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.
Page 54 of 54