Microsoft Office Elevation of Privilege Vulnerability
Max CVSS
9.8
EPSS Score
0.13%
Published
2023-09-12
Updated
2023-09-14
Microsoft Office Elevation of Privilege Vulnerability
Max CVSS
8.4
EPSS Score
0.05%
Published
2023-10-10
Updated
2023-10-13
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Max CVSS
7.0
EPSS Score
0.05%
Published
2023-10-10
Updated
2023-10-13
Microsoft Office Graphics Elevation of Privilege Vulnerability
Max CVSS
7.0
EPSS Score
0.05%
Published
2023-10-10
Updated
2023-10-13
Microsoft Office Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.06%
Published
2023-07-11
Updated
2023-07-21
Windows Graphics Component Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-03-14
Updated
2023-03-21

CVE-2023-23397

Known exploited
Microsoft Outlook Elevation of Privilege Vulnerability
Max CVSS
9.8
EPSS Score
92.35%
Published
2023-03-14
Updated
2023-03-20
CISA KEV Added
2023-03-14
Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability
Max CVSS
6.5
EPSS Score
0.14%
Published
2021-12-15
Updated
2022-07-12
<p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.</p> <p>To exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.</p>
Max CVSS
7.8
EPSS Score
0.15%
Published
2020-10-16
Updated
2023-12-31
<p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.</p> <p>To exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.</p>
Max CVSS
7.8
EPSS Score
0.16%
Published
2020-10-16
Updated
2023-12-31
<p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.</p> <p>To exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle these files.</p>
Max CVSS
7.8
EPSS Score
0.15%
Published
2020-10-16
Updated
2023-12-31
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle objects in memory.
Max CVSS
9.3
EPSS Score
0.14%
Published
2020-08-17
Updated
2024-01-19
An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages, aka 'Microsoft Outlook Elevation of Privilege Vulnerability'.
Max CVSS
4.3
EPSS Score
0.22%
Published
2019-08-14
Updated
2020-08-24
An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook.
Max CVSS
6.5
EPSS Score
0.32%
Published
2018-06-14
Updated
2018-08-06
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability".
Max CVSS
6.5
EPSS Score
0.26%
Published
2018-02-15
Updated
2019-10-03
Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."
Max CVSS
5.5
EPSS Score
3.70%
Published
2016-11-10
Updated
2018-10-12
The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka "True Type Font Parsing Elevation of Privilege Vulnerability."
Max CVSS
10.0
EPSS Score
2.31%
Published
2016-10-14
Updated
2018-10-12
The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Microsoft Office Graphics RCE Vulnerability."
Max CVSS
9.3
EPSS Score
11.36%
Published
2016-05-11
Updated
2018-10-12

CVE-2014-4077

Known exploited
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014.
Max CVSS
9.3
EPSS Score
0.74%
Published
2014-11-11
Updated
2018-10-12
CISA KEV Added
2022-05-25
19 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!