Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Office
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 838 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-08-13 | CVE-2024-38189 | Microsoft Project Remote Code Execution Vulnerability | 365_apps, Office, Office_long_term_servicing_channel, Project_2016 | 8.8 | ||
| 2023-03-14 | CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability | 365_apps, Office, Office_long_term_servicing_channel, Outlook | 9.8 | ||
| 2023-07-11 | CVE-2023-35311 | Microsoft Outlook Security Feature Bypass Vulnerability | 365_apps, Office, Outlook | 7.5 | ||
| 2024-08-12 | CVE-2024-38200 | Microsoft Office Spoofing Vulnerability | 365_apps, Office, Office_long_term_servicing_channel | 6.5 | ||
| 2019-08-14 | CVE-2019-1148 | An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles... | Office, Windows_10, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019 | 5.5 | ||
| 2022-12-13 | CVE-2022-44713 | Microsoft Outlook for Mac Spoofing Vulnerability | Office, Office_long_term_servicing_channel | 7.5 | ||
| 2018-01-10 | CVE-2018-0802 | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812. | Office, Office_compatibility_pack, Word | 7.8 | ||
| 2021-03-11 | CVE-2021-27059 | Microsoft Office Remote Code Execution Vulnerability | Office | 7.6 | ||
| 2012-04-10 | CVE-2012-0158 | The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a)... | Biztalk_server, Commerce_server, Commerce_server_2009, Office, Office_web_components, Sql_server_2000, Sql_server_2005, Sql_server_2008, Visual_basic, Visual_foxpro | 8.8 | ||
| 2013-11-06 | CVE-2013-3906 | GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013. | Excel_viewer, Lync, Office, Office_compatibility_pack, Powerpoint_viewer, Windows_server_2008, Windows_vista, Word_viewer | 7.8 |