Microsoft Word

CVEs (48)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2015-1641	Microsoft Word	Hig	0.70	7.8	0.94	KEV	Apr 14, 2015	Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote…
CVE-2023-33150	Microsoft Office	Cri	0.62	9.6	0.00		Jul 11, 2023	Microsoft Office Security Feature Bypass Vulnerability
CVE-2024-20673	Microsoft Office	Hig	0.51	7.8	0.00		Feb 13, 2024	Microsoft Office Remote Code Execution Vulnerability
CVE-2022-41061	Microsoft Word	Hig	0.51	7.8	0.01		Nov 9, 2022	Microsoft Word Remote Code Execution Vulnerability
CVE-2023-29335	Microsoft Word	Hig	0.49	7.5	0.00		May 9, 2023	Microsoft Word Security Feature Bypass Vulnerability
CVE-2022-41103	Microsoft Word	Med	0.36	5.5	0.02		Nov 9, 2022	Microsoft Word Information Disclosure Vulnerability
CVE-2022-41060	Microsoft Word	Med	0.36	5.5	0.02		Nov 9, 2022	Microsoft Word Information Disclosure Vulnerability
CVE-2022-29107	Microsoft Office	Med	0.36	5.5	0.08		May 10, 2022	Microsoft Office Security Feature Bypass Vulnerability
CVE-2022-24511	Microsoft Office	Med	0.36	5.5	0.01		Mar 9, 2022	Microsoft Office Word Tampering Vulnerability
CVE-2023-36761	Microsoft Word		0.12	—	0.06	KEV	Sep 12, 2023	Microsoft Word Information Disclosure Vulnerability
CVE-2006-3493	Microsoft Office		0.08	—	0.58		Jul 10, 2006	Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other…
CVE-2023-21716	Microsoft Word		0.07	—	0.91		Feb 14, 2023	Microsoft Word Remote Code Execution Vulnerability
CVE-2010-3214	Microsoft Word		0.05	—	0.61		Oct 13, 2010	Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web…
CVE-2018-8161	Microsoft Word		0.03	—	0.32		May 9, 2018	A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE…
CVE-2014-1758	Microsoft Word		0.03	—	0.32		Apr 8, 2014	Stack-based buffer overflow in Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Word Stack Overflow Vulnerability."
CVE-2019-0585	Microsoft Word		0.02	—	0.28		Jan 8, 2019	A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft…
CVE-2019-0561	Microsoft Word		0.02	—	0.23		Jan 8, 2019	An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word.
CVE-2018-8573	Microsoft Office		0.02	—	0.29		Nov 14, 2018	A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from…
CVE-2018-8504	Microsoft Office		0.02	—	0.26		Oct 10, 2018	A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Office 365 ProPlus, Microsoft Office,…
CVE-2002-0619	Microsoft Office		0.02	—	0.20		Aug 12, 2002	The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge…

CVE-2015-1641HigKEVApr 14, 2015
Microsoft
Word
risk 0.70cvss 7.8epss 0.94
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote…
CVE-2023-33150CriJul 11, 2023
Microsoft
Office
risk 0.62cvss 9.6epss 0.00
Microsoft Office Security Feature Bypass Vulnerability
CVE-2024-20673HigFeb 13, 2024
Microsoft
Office
risk 0.51cvss 7.8epss 0.00
Microsoft Office Remote Code Execution Vulnerability
CVE-2022-41061HigNov 9, 2022
Microsoft
Word
risk 0.51cvss 7.8epss 0.01
Microsoft Word Remote Code Execution Vulnerability
CVE-2023-29335HigMay 9, 2023
Microsoft
Word
risk 0.49cvss 7.5epss 0.00
Microsoft Word Security Feature Bypass Vulnerability
CVE-2022-41103MedNov 9, 2022
Microsoft
Word
risk 0.36cvss 5.5epss 0.02
Microsoft Word Information Disclosure Vulnerability
CVE-2022-41060MedNov 9, 2022
Microsoft
Word
risk 0.36cvss 5.5epss 0.02
Microsoft Word Information Disclosure Vulnerability
CVE-2022-29107MedMay 10, 2022
Microsoft
Office
risk 0.36cvss 5.5epss 0.08
Microsoft Office Security Feature Bypass Vulnerability
CVE-2022-24511MedMar 9, 2022
Microsoft
Office
risk 0.36cvss 5.5epss 0.01
Microsoft Office Word Tampering Vulnerability
CVE-2023-36761KEVSep 12, 2023
Microsoft
Word
risk 0.12cvss —epss 0.06
Microsoft Word Information Disclosure Vulnerability
CVE-2006-3493Jul 10, 2006
Microsoft
Office
risk 0.08cvss —epss 0.58
Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other…
CVE-2023-21716Feb 14, 2023
Microsoft
Word
risk 0.07cvss —epss 0.91
Microsoft Word Remote Code Execution Vulnerability
CVE-2010-3214Oct 13, 2010
Microsoft
Word
risk 0.05cvss —epss 0.61
Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web…
CVE-2018-8161May 9, 2018
Microsoft
Word
risk 0.03cvss —epss 0.32
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE…
CVE-2014-1758Apr 8, 2014
Microsoft
Word
risk 0.03cvss —epss 0.32
Stack-based buffer overflow in Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Word Stack Overflow Vulnerability."
CVE-2019-0585Jan 8, 2019
Microsoft
Word
risk 0.02cvss —epss 0.28
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft…
CVE-2019-0561Jan 8, 2019
Microsoft
Word
risk 0.02cvss —epss 0.23
An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word.
CVE-2018-8573Nov 14, 2018
Microsoft
Office
risk 0.02cvss —epss 0.29
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from…
CVE-2018-8504Oct 10, 2018
Microsoft
Office
risk 0.02cvss —epss 0.26
A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Office 365 ProPlus, Microsoft Office,…
CVE-2002-0619Aug 12, 2002
Microsoft
Office
risk 0.02cvss —epss 0.20
The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge…

Page 1 of 3