Office For Mac
by Microsoft
CVEs (254)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-21514 | 0.12 | — | 0.02 | KEV | Feb 10, 2026 | Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally. | ||
| CVE-2011-0105 | 0.09 | — | 0.71 | Apr 13, 2011 | Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file,… | |||
| CVE-2011-0104 | 0.07 | — | 0.53 | Apr 13, 2011 | Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer… | |||
| CVE-2015-2468 | 0.06 | — | 0.43 | Aug 15, 2015 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word Web Apps 2010 SP2, and Office… | |||
| CVE-2009-0565 | 0.06 | — | 0.41 | Jun 10, 2009 | Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote… | |||
| CVE-2008-0114 | 0.06 | — | 0.39 | Mar 11, 2008 | Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption. | |||
| CVE-2008-0112 | 0.06 | — | 0.32 | Mar 11, 2008 | Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability." | |||
| CVE-2010-1245 | 0.05 | — | 0.22 | Jun 8, 2010 | Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory… | |||
| CVE-2025-47175 | 0.03 | — | 0.02 | Jun 10, 2025 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-47165 | 0.03 | — | 0.02 | Jun 10, 2025 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-27751 | 0.03 | — | 0.02 | Apr 8, 2025 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2009-1130 | 0.03 | — | 0.39 | May 12, 2009 | Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read… | |||
| CVE-2008-4028 | 0.03 | — | 0.38 | Dec 10, 2008 | Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format… | |||
| CVE-2014-6357 | 0.02 | — | 0.19 | Dec 11, 2014 | Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 Gold and SP1, Office 2013 RT Gold and SP1, Office for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 Gold and SP1, and Office Web Apps… | |||
| CVE-2012-0183 | 0.02 | — | 0.24 | May 9, 2012 | Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability." | |||
| CVE-2011-3403 | 0.02 | — | 0.21 | Dec 14, 2011 | Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability." | |||
| CVE-2011-0655 | 0.02 | — | 0.23 | Apr 13, 2011 | Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not… | |||
| CVE-2011-0976 | 0.02 | — | 0.25 | Feb 10, 2011 | Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not properly handle Office Art… | |||
| CVE-2010-3336 | 0.02 | — | 0.24 | Nov 10, 2010 | Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability." | |||
| CVE-2010-3242 | 0.02 | — | 0.21 | Oct 13, 2010 | Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability." |
- risk 0.12cvss —epss 0.02
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
- CVE-2011-0105Apr 13, 2011risk 0.09cvss —epss 0.71
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file,…
- CVE-2011-0104Apr 13, 2011risk 0.07cvss —epss 0.53
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer…
- CVE-2015-2468Aug 15, 2015risk 0.06cvss —epss 0.43
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word Web Apps 2010 SP2, and Office…
- CVE-2009-0565Jun 10, 2009risk 0.06cvss —epss 0.41
Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote…
- CVE-2008-0114Mar 11, 2008risk 0.06cvss —epss 0.39
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
- CVE-2008-0112Mar 11, 2008risk 0.06cvss —epss 0.32
Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
- CVE-2010-1245Jun 8, 2010risk 0.05cvss —epss 0.22
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory…
- CVE-2025-47175Jun 10, 2025risk 0.03cvss —epss 0.02
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
- CVE-2025-47165Jun 10, 2025risk 0.03cvss —epss 0.02
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2025-27751Apr 8, 2025risk 0.03cvss —epss 0.02
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2009-1130May 12, 2009risk 0.03cvss —epss 0.39
Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read…
- CVE-2008-4028Dec 10, 2008risk 0.03cvss —epss 0.38
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format…
- CVE-2014-6357Dec 11, 2014risk 0.02cvss —epss 0.19
Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 Gold and SP1, Office 2013 RT Gold and SP1, Office for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 Gold and SP1, and Office Web Apps…
- CVE-2012-0183May 9, 2012risk 0.02cvss —epss 0.24
Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
- CVE-2011-3403Dec 14, 2011risk 0.02cvss —epss 0.21
Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
- CVE-2011-0655Apr 13, 2011risk 0.02cvss —epss 0.23
Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not…
- CVE-2011-0976Feb 10, 2011risk 0.02cvss —epss 0.25
Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not properly handle Office Art…
- CVE-2010-3336Nov 10, 2010risk 0.02cvss —epss 0.24
Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
- CVE-2010-3242Oct 13, 2010risk 0.02cvss —epss 0.21
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
Page 5 of 13