cbcvebase.

Microsoft Excel vulnerabilities

400 known vulnerabilities affecting microsoft/excel.

Total CVEs
400
CISA KEV
6
actively exploited
Public exploits
34
Exploited in wild
9
Severity breakdown
CRITICAL128HIGH220MEDIUM52

Vulnerabilities

Page 16 of 20
CVE-2011-0980CRITICALCVSS 9.3v2002v20032011-02-10
CVE-2011-0980 [CRITICAL] CWE-264 CVE-2011-0980: Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Conver Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
nvd
CVE-2010-3236CRITICALCVSS 9.3v2002v20032010-10-13
CVE-2010-3236 [CRITICAL] CWE-20 CVE-2010-3236: Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Conver Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
nvd
CVE-2010-3233CRITICALCVSS 9.3v2002v20032010-10-13
CVE-2010-3233 [CRITICAL] CWE-20 CVE-2010-3233: Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows re Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
nvd
CVE-2010-3237CRITICALCVSS 9.3v20022010-10-13
CVE-2010-3237 [CRITICAL] CWE-20 CVE-2010-3237: Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
nvd
CVE-2010-3242CRITICALCVSS 9.3v20022010-10-13
CVE-2010-3242 [CRITICAL] CWE-20 CVE-2010-3242: Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac d Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
nvd
CVE-2010-3235CRITICALCVSS 9.3v20022010-10-13
CVE-2010-3235 [CRITICAL] CWE-20 CVE-2010-3235: Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attacke Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
nvd
CVE-2010-3232CRITICALCVSS 9.3v2003v20072010-10-13
CVE-2010-3232 [CRITICAL] CWE-20 CVE-2010-3232: Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel
nvd
CVE-2010-3239CRITICALCVSS 9.3v20022010-10-13
CVE-2010-3239 [CRITICAL] CWE-20 CVE-2010-3239: Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attacker Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
nvd
CVE-2010-3234CRITICALCVSS 9.3v20022010-10-13
CVE-2010-3234 [CRITICAL] CWE-20 CVE-2010-3234: Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attacke Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
nvd
CVE-2010-3231CRITICALCVSS 9.3v20022010-10-13
CVE-2010-3231 [CRITICAL] CWE-20 CVE-2010-3231: Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac d Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
nvd
CVE-2010-3230CRITICALCVSS 9.3v20022010-10-13
CVE-2010-3230 [CRITICAL] CWE-189 CVE-2010-3230: Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via a Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
nvd
CVE-2010-3241CRITICALCVSS 9.3v20022010-10-13
CVE-2010-3241 [CRITICAL] CWE-20 CVE-2010-3241: Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac d Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
nvd
CVE-2010-3238CRITICALCVSS 9.3v2002v20032010-10-13
CVE-2010-3238 [CRITICAL] CWE-20 CVE-2010-3238: Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary fi Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
nvd
CVE-2010-3240CRITICALCVSS 9.3v2002v20072010-10-13
CVE-2010-3240 [CRITICAL] CWE-20 CVE-2010-3240: Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Exc Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Real Time Data Array Record Vulnerability."
nvd
CVE-2010-2562CRITICALCVSS 9.3v2002v20032010-08-11
CVE-2010-2562 [CRITICAL] CWE-94 CVE-2010-2562: Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
nvd
CVE-2010-1250CRITICALCVSS 9.3v20022010-06-08
CVE-2010-1250 [CRITICAL] CWE-94 CVE-2010-1250: Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
nvd
CVE-2010-0821CRITICALCVSS 9.3v2002v2003+1 more2010-06-08
CVE-2010-0821 [CRITICAL] CWE-94 CVE-2010-0821: Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 200 Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via
nvd
CVE-2010-1249CRITICALCVSS 9.3v20022010-06-08
CVE-2010-1249 [CRITICAL] CVE-2010-1249: Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Op Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
nvd
CVE-2010-1252CRITICALCVSS 9.3v20022010-06-08
CVE-2010-1252 [CRITICAL] CWE-94 CVE-2010-1252: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote a Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
nvd
CVE-2010-1247CRITICALCVSS 9.3PoCv20022010-06-08
CVE-2010-1247 [CRITICAL] CVE-2010-1247: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbi Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
nvd
← Previous16 / 20Next →