When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
Max CVSS
10.0
EPSS Score
1.81%
Published
2000-11-14
Updated
2017-10-10
Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.
Max CVSS
10.0
EPSS Score
94.69%
Published
2003-10-20
Updated
2018-10-12
Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
Max CVSS
10.0
EPSS Score
65.99%
Published
2008-02-12
Updated
2018-10-12
The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka "True Type Font Parsing Elevation of Privilege Vulnerability."
Max CVSS
10.0
EPSS Score
2.31%
Published
2016-10-14
Updated
2018-10-12
A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would have to run a specially crafted file, aka 'Microsoft Office ClickToRun Security Feature Bypass Vulnerability'.
Max CVSS
10.0
EPSS Score
0.61%
Published
2019-11-12
Updated
2020-08-24
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
Max CVSS
9.8
EPSS Score
80.86%
Published
2008-01-16
Updated
2024-02-08
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
Max CVSS
9.8
EPSS Score
3.48%
Published
2020-05-21
Updated
2021-07-21
Microsoft Word Remote Code Execution Vulnerability
Max CVSS
9.8
EPSS Score
45.35%
Published
2023-02-14
Updated
2023-02-23

CVE-2023-23397

Known exploited
Microsoft Outlook Elevation of Privilege Vulnerability
Max CVSS
9.8
EPSS Score
92.35%
Published
2023-03-14
Updated
2023-03-20
CISA KEV Added
2023-03-14
Microsoft Office Elevation of Privilege Vulnerability
Max CVSS
9.8
EPSS Score
0.13%
Published
2023-09-12
Updated
2023-09-14
Microsoft Outlook Remote Code Execution Vulnerability
Max CVSS
9.8
EPSS Score
0.66%
Published
2024-02-13
Updated
2024-02-23
Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
Max CVSS
9.6
EPSS Score
5.83%
Published
2016-12-20
Updated
2018-10-12
Microsoft Office app Remote Code Execution Vulnerability
Max CVSS
9.6
EPSS Score
2.45%
Published
2021-12-15
Updated
2022-01-01
Microsoft Office Security Feature Bypass Vulnerability
Max CVSS
9.6
EPSS Score
0.38%
Published
2023-07-11
Updated
2023-07-14
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Max CVSS
9.3
EPSS Score
95.70%
Published
2004-09-28
Updated
2018-10-30
Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
Max CVSS
9.3
EPSS Score
96.51%
Published
2006-09-12
Updated
2018-10-19
Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
Max CVSS
9.3
EPSS Score
96.94%
Published
2006-07-11
Updated
2018-10-19
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
Max CVSS
9.3
EPSS Score
42.27%
Published
2006-07-11
Updated
2018-10-12
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.
Max CVSS
9.3
EPSS Score
90.18%
Published
2007-02-13
Updated
2018-10-12
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
Max CVSS
9.3
EPSS Score
78.83%
Published
2006-07-11
Updated
2018-10-12
Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability."
Max CVSS
9.3
EPSS Score
12.44%
Published
2014-09-19
Updated
2018-10-12
MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll; (2) an Excel .xlw document, which triggers an access violation in excel.exe; (3) a Word document, which triggers an access violation in mso.dll in winword.exe; and (4) a PowerPoint document, which triggers an access violation in powerpnt.txt. NOTE: after the initial disclosure, this issue was demonstrated by triggering an integer overflow using an inconsistent size for a Unicode "Sheet Name" string.
Max CVSS
9.3
EPSS Score
45.52%
Published
2006-03-30
Updated
2018-10-18
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
Max CVSS
9.3
EPSS Score
68.67%
Published
2006-07-11
Updated
2018-10-12
Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
Max CVSS
9.3
EPSS Score
57.89%
Published
2006-10-10
Updated
2018-10-18
PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
Max CVSS
9.3
EPSS Score
73.68%
Published
2006-10-10
Updated
2018-10-30
815 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!