Office Visio
by Microsoft
CVEs (411)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-8579 | 0.01 | — | 0.13 | Nov 14, 2018 | An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558. | |||
| CVE-2018-8546 | 0.01 | — | 0.17 | Nov 14, 2018 | A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype. | |||
| CVE-2018-8427 | 0.01 | — | 0.08 | Oct 10, 2018 | An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus,… | |||
| CVE-2018-8310 | 0.01 | — | 0.13 | Jul 11, 2018 | A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office. | |||
| CVE-2018-8244 | 0.01 | — | 0.17 | Jun 14, 2018 | An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook. | |||
| CVE-2018-0950 | 0.01 | — | 0.11 | Apr 12, 2018 | An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This… | |||
| CVE-2026-26109 | 0.00 | — | 0.00 | Mar 10, 2026 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-26108 | 0.00 | — | 0.00 | Mar 10, 2026 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-26107 | 0.00 | — | 0.00 | Mar 10, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-26113 | 0.00 | — | 0.00 | Mar 10, 2026 | Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-26112 | 0.00 | — | 0.00 | Mar 10, 2026 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-21261 | 0.00 | — | 0.00 | Feb 10, 2026 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-21511 | 0.00 | — | 0.00 | Feb 10, 2026 | Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-21260 | 0.00 | — | 0.00 | Feb 10, 2026 | Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-21258 | 0.00 | — | 0.00 | Feb 10, 2026 | Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-21259 | 0.00 | — | 0.00 | Feb 10, 2026 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally. | |||
| CVE-2026-20957 | 0.00 | — | 0.00 | Jan 13, 2026 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20952 | 0.00 | — | 0.00 | Jan 13, 2026 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20950 | 0.00 | — | 0.00 | Jan 13, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20948 | 0.00 | — | 0.00 | Jan 13, 2026 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
- CVE-2018-8579Nov 14, 2018risk 0.01cvss —epss 0.13
An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558.
- CVE-2018-8546Nov 14, 2018risk 0.01cvss —epss 0.17
A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.
- CVE-2018-8427Oct 10, 2018risk 0.01cvss —epss 0.08
An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus,…
- CVE-2018-8310Jul 11, 2018risk 0.01cvss —epss 0.13
A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office.
- CVE-2018-8244Jun 14, 2018risk 0.01cvss —epss 0.17
An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook.
- CVE-2018-0950Apr 12, 2018risk 0.01cvss —epss 0.11
An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This…
- CVE-2026-26109Mar 10, 2026risk 0.00cvss —epss 0.00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-26108Mar 10, 2026risk 0.00cvss —epss 0.00
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-26107Mar 10, 2026risk 0.00cvss —epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-26113Mar 10, 2026risk 0.00cvss —epss 0.00
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-26112Mar 10, 2026risk 0.00cvss —epss 0.00
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-21261Feb 10, 2026risk 0.00cvss —epss 0.00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- CVE-2026-21511Feb 10, 2026risk 0.00cvss —epss 0.00
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-21260Feb 10, 2026risk 0.00cvss —epss 0.00
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-21258Feb 10, 2026risk 0.00cvss —epss 0.00
Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- CVE-2026-21259Feb 10, 2026risk 0.00cvss —epss 0.00
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
- CVE-2026-20957Jan 13, 2026risk 0.00cvss —epss 0.00
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-20952Jan 13, 2026risk 0.00cvss —epss 0.00
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-20950Jan 13, 2026risk 0.00cvss —epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-20948Jan 13, 2026risk 0.00cvss —epss 0.00
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Page 11 of 21