CVE-2017-0199

Known exploited
Public exploit
Used for ransomware
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
Max CVSS
9.3
EPSS Score
97.43%
Published
2017-04-12
Updated
2019-10-03
CISA KEV Added
2021-11-03

CVE-2014-1761

Known exploited
Public exploit
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.
Max CVSS
9.3
EPSS Score
61.45%
Published
2014-03-25
Updated
2018-10-30
CISA KEV Added
2022-02-15

CVE-2013-3906

Known exploited
Public exploit
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.
Max CVSS
9.3
EPSS Score
97.13%
Published
2013-11-06
Updated
2023-12-07
CISA KEV Added
2022-02-15

CVE-2012-0158

Known exploited
Public exploit
The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability."
Max CVSS
9.3
EPSS Score
97.30%
Published
2012-04-10
Updated
2018-10-12
CISA KEV Added
2021-11-03

CVE-2011-0105

Public exploit
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
Max CVSS
9.3
EPSS Score
97.05%
Published
2011-04-13
Updated
2018-10-12

CVE-2010-3333

Known exploited
Public exploit
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
Max CVSS
9.3
EPSS Score
97.33%
Published
2010-11-10
Updated
2018-10-12
CISA KEV Added
2022-03-03

CVE-2010-0822

Public exploit
Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
Max CVSS
9.3
EPSS Score
97.05%
Published
2010-06-08
Updated
2018-10-12

CVE-2009-3129

Known exploited
Public exploit
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
97.31%
Published
2009-11-11
Updated
2018-10-12
CISA KEV Added
2022-03-03

CVE-2009-1534

Public exploit
Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
Max CVSS
9.3
EPSS Score
95.73%
Published
2009-08-12
Updated
2018-10-12

CVE-2009-1136

Public exploit
The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
Max CVSS
9.3
EPSS Score
96.68%
Published
2009-07-15
Updated
2018-10-12

CVE-2008-1898

Public exploit
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
Max CVSS
9.3
EPSS Score
96.71%
Published
2008-04-21
Updated
2018-10-11
Microsoft Outlook Remote Code Execution Vulnerability
Max CVSS
9.8
EPSS Score
0.66%
Published
2024-02-13
Updated
2024-02-23
Microsoft Word Remote Code Execution Vulnerability
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-02-13
Updated
2024-03-01
Microsoft Outlook Remote Code Execution Vulnerability
Max CVSS
8.0
EPSS Score
0.04%
Published
2024-02-13
Updated
2024-03-01
A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. As of February 13, 2024, the ability to insert FBX files has also been disabled in 3D Viewer. 3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time. This change is effective as of the January 9, 2024 security update.
Max CVSS
7.8
EPSS Score
0.11%
Published
2024-01-09
Updated
2024-03-23
Microsoft Office Remote Code Execution Vulnerability
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-02-13
Updated
2024-02-22
Microsoft Excel Remote Code Execution Vulnerability
Max CVSS
7.8
EPSS Score
0.11%
Published
2023-08-08
Updated
2023-08-10
Microsoft Outlook Remote Code Execution Vulnerability
Max CVSS
7.8
EPSS Score
0.11%
Published
2023-08-08
Updated
2023-08-10

CVE-2023-36884

Known exploited
Used for ransomware
Windows Search Remote Code Execution Vulnerability
Max CVSS
8.8
EPSS Score
50.79%
Published
2023-07-11
Updated
2023-08-08
CISA KEV Added
2023-07-17
Microsoft Office Visio Remote Code Execution Vulnerability
Max CVSS
7.8
EPSS Score
0.11%
Published
2023-08-08
Updated
2023-08-11
Microsoft Office Visio Remote Code Execution Vulnerability
Max CVSS
7.8
EPSS Score
0.11%
Published
2023-08-08
Updated
2023-08-11
Microsoft Word Remote Code Execution Vulnerability
Max CVSS
7.3
EPSS Score
0.09%
Published
2023-09-12
Updated
2023-09-14
Microsoft Office Graphics Remote Code Execution Vulnerability
Max CVSS
7.8
EPSS Score
0.11%
Published
2023-11-14
Updated
2023-11-20
Microsoft Excel Remote Code Execution Vulnerability
Max CVSS
7.8
EPSS Score
0.25%
Published
2023-11-14
Updated
2023-11-20
Microsoft Office Visio Remote Code Execution Vulnerability
Max CVSS
7.8
EPSS Score
0.11%
Published
2023-08-08
Updated
2023-08-10
616 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!