Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Office
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 838 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-09-09 | CVE-2015-2545 | Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability." | Office | 7.8 | ||
| 2017-05-12 | CVE-2017-0261 | Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281. | Office | 7.8 | ||
| 2021-09-15 | CVE-2021-38646 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | 365_apps, Office | 7.8 | ||
| 2024-07-09 | CVE-2024-38020 | Microsoft Outlook Spoofing Vulnerability | 365_apps, Office, Office_long_term_servicing_channel, Outlook | 6.5 | ||
| 2024-07-09 | CVE-2024-38021 | Microsoft Outlook Remote Code Execution Vulnerability | 365_apps, Office, Office_long_term_servicing_channel | 8.8 | ||
| 2015-06-10 | CVE-2015-1770 | Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability." | Office | 8.8 | ||
| 2019-08-14 | CVE-2019-1205 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then take actions on behalf of the logged-on user with the same permissions as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of... | Office, Office_365_proplus, Office_online_server, Sharepoint_server | 7.8 | ||
| 2020-08-17 | CVE-2020-1493 | An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting. The... | 365_apps, Office, Outlook | 5.5 | ||
| 2006-05-20 | CVE-2006-2492 | Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack. | Office, Works_suite | 8.8 | ||
| 2009-06-10 | CVE-2009-0563 | Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow... | Office, Office_compatibility_pack, Office_word_viewer, Open_xml_file_format_converter | 7.8 |