Excel
by Microsoft
CVEs (425)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-2520 | 0.05 | — | 0.28 | Sep 9, 2015 | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | |||
| CVE-2011-1276 | 0.05 | — | 0.28 | Jun 16, 2011 | Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute… | |||
| CVE-2010-1248 | 0.05 | — | 0.27 | Jun 8, 2010 | Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability." | |||
| CVE-2010-1247 | 0.05 | — | 0.22 | Jun 8, 2010 | Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than… | |||
| CVE-2010-1246 | 0.05 | — | 0.25 | Jun 8, 2010 | Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability." | |||
| CVE-2010-1245 | 0.05 | — | 0.22 | Jun 8, 2010 | Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory… | |||
| CVE-2010-0824 | 0.05 | — | 0.22 | Jun 8, 2010 | Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than… | |||
| CVE-2006-3431 | 0.05 | — | 0.28 | Jul 7, 2006 | Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option,… | |||
| CVE-2006-3014 | 0.05 | — | 0.30 | Jun 22, 2006 | Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet. | |||
| CVE-2005-4131 | 0.05 | — | 0.31 | Dec 9, 2005 | Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to… | |||
| CVE-2023-23399 | 0.04 | — | 0.03 | Mar 14, 2023 | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2020-0901 | 0.04 | — | 0.12 | May 21, 2020 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | |||
| CVE-2012-5672 | 0.04 | — | 0.13 | Oct 25, 2012 | Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data. | |||
| CVE-2008-3471 | 0.04 | — | 0.52 | Oct 15, 2008 | Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac;… | |||
| CVE-2023-33133 | 0.03 | — | 0.44 | Jun 13, 2023 | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2023-33137 | 0.03 | — | 0.03 | Jun 13, 2023 | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2023-32029 | 0.03 | — | 0.54 | Jun 13, 2023 | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2020-1240 | 0.03 | — | 0.14 | Jul 14, 2020 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | |||
| CVE-2020-0979 | 0.03 | — | 0.11 | Apr 15, 2020 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0906. | |||
| CVE-2020-0906 | 0.03 | — | 0.11 | Apr 15, 2020 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0979. |
- CVE-2015-2520Sep 9, 2015risk 0.05cvss —epss 0.28
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
- CVE-2011-1276Jun 16, 2011risk 0.05cvss —epss 0.28
Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute…
- CVE-2010-1248Jun 8, 2010risk 0.05cvss —epss 0.27
Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
- CVE-2010-1247Jun 8, 2010risk 0.05cvss —epss 0.22
Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than…
- CVE-2010-1246Jun 8, 2010risk 0.05cvss —epss 0.25
Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
- CVE-2010-1245Jun 8, 2010risk 0.05cvss —epss 0.22
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory…
- CVE-2010-0824Jun 8, 2010risk 0.05cvss —epss 0.22
Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than…
- CVE-2006-3431Jul 7, 2006risk 0.05cvss —epss 0.28
Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option,…
- CVE-2006-3014Jun 22, 2006risk 0.05cvss —epss 0.30
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.
- CVE-2005-4131Dec 9, 2005risk 0.05cvss —epss 0.31
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to…
- CVE-2023-23399Mar 14, 2023risk 0.04cvss —epss 0.03
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2020-0901May 21, 2020risk 0.04cvss —epss 0.12
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
- CVE-2012-5672Oct 25, 2012risk 0.04cvss —epss 0.13
Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
- CVE-2008-3471Oct 15, 2008risk 0.04cvss —epss 0.52
Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac;…
- CVE-2023-33133Jun 13, 2023risk 0.03cvss —epss 0.44
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2023-33137Jun 13, 2023risk 0.03cvss —epss 0.03
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2023-32029Jun 13, 2023risk 0.03cvss —epss 0.54
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2020-1240Jul 14, 2020risk 0.03cvss —epss 0.14
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
- CVE-2020-0979Apr 15, 2020risk 0.03cvss —epss 0.11
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0906.
- CVE-2020-0906Apr 15, 2020risk 0.03cvss —epss 0.11
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0979.
Page 7 of 22