Office For Mac
by Microsoft
CVEs (254)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1639 | 0.01 | — | 0.09 | Apr 14, 2015 | Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Outlook App for Mac XSS Vulnerability." | |||
| CVE-2011-1277 | 0.01 | — | 0.16 | Jun 16, 2011 | Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)… | |||
| CVE-2002-0021 | 0.01 | — | 0.14 | Mar 8, 2002 | Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement. | |||
| CVE-2026-26109 | 0.00 | — | 0.00 | Mar 10, 2026 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-26108 | 0.00 | — | 0.00 | Mar 10, 2026 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-26107 | 0.00 | — | 0.00 | Mar 10, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-26113 | 0.00 | — | 0.01 | Mar 10, 2026 | Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-26112 | 0.00 | — | 0.00 | Mar 10, 2026 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-21261 | 0.00 | — | 0.01 | Feb 10, 2026 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-21511 | 0.00 | — | 0.04 | Feb 10, 2026 | Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-21258 | 0.00 | — | 0.01 | Feb 10, 2026 | Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-20957 | 0.00 | — | 0.00 | Jan 13, 2026 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20952 | 0.00 | — | 0.01 | Jan 13, 2026 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20950 | 0.00 | — | 0.00 | Jan 13, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20949 | 0.00 | — | 0.00 | Jan 13, 2026 | Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally. | |||
| CVE-2026-20948 | 0.00 | — | 0.01 | Jan 13, 2026 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20956 | 0.00 | — | 0.00 | Jan 13, 2026 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20955 | 0.00 | — | 0.01 | Jan 13, 2026 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20953 | 0.00 | — | 0.01 | Jan 13, 2026 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20946 | 0.00 | — | 0.01 | Jan 13, 2026 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
- CVE-2015-1639Apr 14, 2015risk 0.01cvss —epss 0.09
Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Outlook App for Mac XSS Vulnerability."
- CVE-2011-1277Jun 16, 2011risk 0.01cvss —epss 0.16
Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)…
- CVE-2002-0021Mar 8, 2002risk 0.01cvss —epss 0.14
Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement.
- CVE-2026-26109Mar 10, 2026risk 0.00cvss —epss 0.00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-26108Mar 10, 2026risk 0.00cvss —epss 0.00
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-26107Mar 10, 2026risk 0.00cvss —epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-26113Mar 10, 2026risk 0.00cvss —epss 0.01
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-26112Mar 10, 2026risk 0.00cvss —epss 0.00
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-21261Feb 10, 2026risk 0.00cvss —epss 0.01
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- CVE-2026-21511Feb 10, 2026risk 0.00cvss —epss 0.04
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-21258Feb 10, 2026risk 0.00cvss —epss 0.01
Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- CVE-2026-20957Jan 13, 2026risk 0.00cvss —epss 0.00
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-20952Jan 13, 2026risk 0.00cvss —epss 0.01
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-20950Jan 13, 2026risk 0.00cvss —epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-20949Jan 13, 2026risk 0.00cvss —epss 0.00
Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.
- CVE-2026-20948Jan 13, 2026risk 0.00cvss —epss 0.01
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2026-20956Jan 13, 2026risk 0.00cvss —epss 0.00
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-20955Jan 13, 2026risk 0.00cvss —epss 0.01
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-20953Jan 13, 2026risk 0.00cvss —epss 0.01
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-20946Jan 13, 2026risk 0.00cvss —epss 0.01
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Page 7 of 13