Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.
Max CVSS: 6.9 | EPSS Score: 0.05% | Published: 2012-07-10 | Updated: 2018-10-12
Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
Max CVSS: 6.9 | EPSS Score: 0.06% | Published: 2012-07-10 | Updated: 2018-10-12
Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability."
Max CVSS: 6.9 | EPSS Score: 0.04% | Published: 2013-09-11 | Updated: 2018-10-12
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
Max CVSS: 6.8 | EPSS Score: 14.97% | Published: 2002-10-04 | Updated: 2024-02-09
A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka "Parsing Overflow Vulnerability."
Max CVSS: 6.8 | EPSS Score: 87.48% | Published: 2008-08-13 | Updated: 2018-10-30
The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka "MSCOMCTL ASLR Vulnerability."
Max CVSS: 6.8 | EPSS Score: 0.66% | Published: 2014-05-14 | Updated: 2018-10-30
Microsoft Office Online Spoofing Vulnerability
Max CVSS: 6.8 | EPSS Score: 0.20% | Published: 2020-11-11 | Updated: 2023-12-31
Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
Max CVSS: 6.6 | EPSS Score: 0.04% | Published: 2008-08-12 | Updated: 2018-10-12
The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive information via unspecified vectors, aka "Microsoft Information Disclosure Vulnerability."
Max CVSS: 6.5 | EPSS Score: 0.52% | Published: 2016-09-14 | Updated: 2018-10-12
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
Max CVSS: 6.5 | EPSS Score: 23.23% | Published: 2016-11-10 | Updated: 2018-10-12
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8532, and CVE-2017-8533.
Max CVSS: 6.5 | EPSS Score: 0.92% | Published: 2017-06-15 | Updated: 2017-06-26
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8533.
Max CVSS: 6.5 | EPSS Score: 0.94% | Published: 2017-06-15 | Updated: 2019-03-19
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8532.
Max CVSS: 6.5 | EPSS Score: 1.10% | Published: 2017-06-15 | Updated: 2019-06-20
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-0285.
Max CVSS: 6.5 | EPSS Score: 0.92% | Published: 2017-06-15 | Updated: 2017-06-26
Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability".
Max CVSS: 6.5 | EPSS Score: 0.23% | Published: 2017-12-12 | Updated: 2017-12-27
Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing, due to how Outlook for Mac displays encoded email addresses, aka "Spoofing Vulnerability in Microsoft Office for Mac."
Max CVSS: 6.5 | EPSS Score: 0.26% | Published: 2018-01-10 | Updated: 2019-10-03
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability".
Max CVSS: 6.5 | EPSS Score: 0.26% | Published: 2018-02-15 | Updated: 2019-10-03
An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This CVE ID is unique from CVE-2018-1007.
Max CVSS: 6.5 | EPSS Score: 1.91% | Published: 2018-04-12 | Updated: 2020-08-24
A security feature bypass vulnerability exists when the Microsoft Outlook attachment block filter does not properly handle attachments, aka "Microsoft Outlook Security Feature Bypass Vulnerability." This affects Microsoft Office.
Max CVSS: 6.5 | EPSS Score: 0.23% | Published: 2018-05-09 | Updated: 2019-10-03
An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office.
Max CVSS: 6.5 | EPSS Score: 4.99% | Published: 2018-05-09 | Updated: 2018-06-06
An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook.
Max CVSS: 6.5 | EPSS Score: 0.32% | Published: 2018-06-14 | Updated: 2018-08-06
An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8579.
Max CVSS: 6.5 | EPSS Score: 0.49% | Published: 2018-11-14 | Updated: 2018-12-14
An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558.
Max CVSS: 6.5 | EPSS Score: 1.00% | Published: 2018-11-14 | Updated: 2020-08-24
An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.
Max CVSS: 6.5 | EPSS Score: 1.43% | Published: 2019-01-08 | Updated: 2020-08-24
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
Max CVSS: 6.5 | EPSS Score: 1.75% | Published: 2019-03-05 | Updated: 2020-08-24
38 vulnerabilities found