Excel
by Microsoft
CVEs (425)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-32188 | Hig | 0.46 | 7.1 | 0.00 | Apr 14, 2026 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||
| CVE-2026-26133 | Hig | 0.46 | 7.1 | 0.00 | Mar 16, 2026 | AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2023-23398 | Hig | 0.46 | 7.1 | 0.01 | Mar 14, 2023 | Microsoft Excel Spoofing Vulnerability | ||
| CVE-2017-0194 | Med | 0.38 | 5.5 | 0.26 | Apr 12, 2017 | Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." | ||
| CVE-2018-8429 | Med | 0.37 | 5.5 | 0.12 | Sep 13, 2018 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. | ||
| CVE-2018-8382 | Med | 0.37 | 5.5 | 0.12 | Aug 15, 2018 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. | ||
| CVE-2018-8246 | Med | 0.37 | 5.5 | 0.17 | Jun 14, 2018 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. | ||
| CVE-2018-8163 | Med | 0.37 | 5.5 | 0.12 | May 9, 2018 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Excel. | ||
| CVE-2016-7267 | Med | 0.37 | 5.5 | 0.19 | Dec 20, 2016 | Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability." | ||
| CVE-2016-3279 | Med | 0.37 | 5.5 | 0.16 | Jul 13, 2016 | Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and… | ||
| CVE-2023-33162 | Med | 0.36 | 5.5 | 0.01 | Jul 11, 2023 | Microsoft Excel Information Disclosure Vulnerability | ||
| CVE-2022-41105 | Med | 0.36 | 5.5 | 0.01 | Nov 9, 2022 | Microsoft Excel Information Disclosure Vulnerability | ||
| CVE-2022-41104 | Med | 0.36 | 5.5 | 0.01 | Nov 9, 2022 | Microsoft Excel Security Feature Bypass Vulnerability | ||
| CVE-2017-11877 | Med | 0.36 | 5.5 | 0.05 | Nov 15, 2017 | Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and… | ||
| CVE-2017-0027 | Med | 0.32 | 4.7 | 0.23 | Mar 17, 2017 | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft… | ||
| CVE-2016-0012 | Med | 0.29 | 4.3 | 0.11 | Jan 13, 2016 | Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT… | ||
| CVE-2021-42292 | 0.15 | — | 0.32 | KEV | Nov 10, 2021 | Microsoft Excel Security Feature Bypass Vulnerability | ||
| CVE-2019-1297 | 0.15 | — | 0.20 | KEV | Sep 11, 2019 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | ||
| CVE-2021-27059 | 0.12 | — | 0.03 | KEV | Mar 11, 2021 | Microsoft Office Remote Code Execution Vulnerability | ||
| CVE-2011-0105 | 0.09 | — | 0.71 | Apr 13, 2011 | Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file,… |
- risk 0.46cvss 7.1epss 0.00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- risk 0.46cvss 7.1epss 0.00
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
- risk 0.46cvss 7.1epss 0.01
Microsoft Excel Spoofing Vulnerability
- risk 0.38cvss 5.5epss 0.26
Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
- risk 0.37cvss 5.5epss 0.12
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
- risk 0.37cvss 5.5epss 0.12
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
- risk 0.37cvss 5.5epss 0.17
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
- risk 0.37cvss 5.5epss 0.12
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Excel.
- risk 0.37cvss 5.5epss 0.19
Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."
- risk 0.37cvss 5.5epss 0.16
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and…
- risk 0.36cvss 5.5epss 0.01
Microsoft Excel Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Microsoft Excel Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Microsoft Excel Security Feature Bypass Vulnerability
- risk 0.36cvss 5.5epss 0.05
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and…
- risk 0.32cvss 4.7epss 0.23
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft…
- risk 0.29cvss 4.3epss 0.11
Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT…
- risk 0.15cvss —epss 0.32
Microsoft Excel Security Feature Bypass Vulnerability
- risk 0.15cvss —epss 0.20
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
- risk 0.12cvss —epss 0.03
Microsoft Office Remote Code Execution Vulnerability
- CVE-2011-0105Apr 13, 2011risk 0.09cvss —epss 0.71
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file,…
Page 5 of 22