| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-8310 |
20 |
|
|
2018-07-10 |
2018-09-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office. |
|
2 |
CVE-2016-7291 |
125 |
|
DoS +Info |
2016-12-20 |
2018-10-12 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7290. |
|
3 |
CVE-2016-7290 |
125 |
|
DoS +Info |
2016-12-20 |
2018-10-12 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7291. |
|
4 |
CVE-2016-7276 |
125 |
|
DoS +Info |
2016-12-20 |
2018-10-12 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." |
|
5 |
CVE-2016-7268 |
125 |
|
DoS +Info |
2016-12-20 |
2018-10-12 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." |
|
6 |
CVE-2016-3263 |
200 |
|
Bypass +Info |
2016-10-13 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3262. |
|
7 |
CVE-2016-3262 |
200 |
|
Bypass +Info |
2016-10-13 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3263. |
|
8 |
CVE-2016-3209 |
200 |
|
Bypass +Info |
2016-10-13 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability." |
|
9 |
CVE-2014-2730 |
399 |
|
DoS |
2014-04-05 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013, and Office for Mac 2011, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption and persistent application hang) via a crafted XML document containing a large number of nested entity references, as demonstrated by a crafted text/plain e-mail message to Outlook, a similar issue to CVE-2003-1564. |
|
10 |
CVE-2013-3160 |
200 |
|
+Info |
2013-09-11 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, and Word Viewer allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "XML External Entities Resolution Vulnerability." |
|
11 |
CVE-2013-0095 |
200 |
|
+Info |
2013-03-12 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability." |
|
12 |
CVE-2007-2903 |
|
|
DoS Overflow |
2007-05-30 |
2017-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries. |
|
13 |
CVE-2006-3868 |
|
|
Exec Code |
2006-10-10 |
2018-10-30 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag. |
|
14 |
CVE-2006-3493 |
|
|
DoS Exec Code Overflow |
2006-07-10 |
2018-10-30 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees. |
|
15 |
CVE-2006-2387 |
|
|
Exec Code |
2006-10-10 |
2018-10-30 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875. |
|
16 |
CVE-2006-0031 |
119 |
|
Exec Code Overflow Mem. Corr. |
2006-03-14 |
2018-10-19 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption. |
|
17 |
CVE-2006-0030 |
|
|
Exec Code Mem. Corr. |
2006-03-14 |
2018-10-12 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption. |
|
18 |
CVE-2006-0029 |
|
|
Exec Code Mem. Corr. |
2006-03-14 |
2018-10-12 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption. |
|
19 |
CVE-2006-0028 |
|
|
Exec Code Mem. Corr. |
2006-03-14 |
2018-10-19 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers. |
|
20 |
CVE-2006-0009 |
|
|
Exec Code Overflow |
2006-03-14 |
2018-10-19 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint. |
|
21 |
CVE-2006-0004 |
|
|
+Info |
2006-02-14 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF). |
|
22 |
CVE-2002-1716 |
|
|
|
2002-12-31 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability. |
|
23 |
CVE-2002-0617 |
|
|
Exec Code Bypass |
2002-08-12 |
2018-10-12 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass." |
|
24 |
CVE-2002-0616 |
|
|
Exec Code |
2002-08-12 |
2018-10-12 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability." |
|
25 |
CVE-2002-0021 |
|
|
DoS |
2002-03-08 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement. |
|
26 |
CVE-2001-0003 |
|
|
|
2001-02-12 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability. |
