Microsoft Excel vulnerabilities
391 known vulnerabilities affecting microsoft/excel.
Total CVEs
391
CISA KEV
6
actively exploited
Public exploits
34
Exploited in wild
9
Severity breakdown
CRITICAL129HIGH211MEDIUM51
Vulnerabilities
Page 16 of 20
CVE-2010-3231CRITICALCVSS 9.3v20022010-10-13
CVE-2010-3231 [CRITICAL] CWE-20 CVE-2010-3231: Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac d
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
nvd
CVE-2010-3230CRITICALCVSS 9.3v20022010-10-13
CVE-2010-3230 [CRITICAL] CWE-189 CVE-2010-3230: Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via a
Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
nvd
CVE-2010-3241CRITICALCVSS 9.3v20022010-10-13
CVE-2010-3241 [CRITICAL] CWE-20 CVE-2010-3241: Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac d
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
nvd
CVE-2010-3238CRITICALCVSS 9.3v2002v20032010-10-13
CVE-2010-3238 [CRITICAL] CWE-20 CVE-2010-3238: Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary fi
Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
nvd
CVE-2010-3240CRITICALCVSS 9.3v2002v20072010-10-13
CVE-2010-3240 [CRITICAL] CWE-20 CVE-2010-3240: Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Exc
Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Real Time Data Array Record Vulnerability."
nvd
CVE-2010-2562CRITICALCVSS 9.3v2002v20032010-08-11
CVE-2010-2562 [CRITICAL] CWE-94 CVE-2010-2562: Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format
Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
nvd
CVE-2010-1250CRITICALCVSS 9.3v20022010-06-08
CVE-2010-1250 [CRITICAL] CWE-94 CVE-2010-1250: Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for
Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
nvd
CVE-2010-0821CRITICALCVSS 9.3v2002v2003+1 more2010-06-08
CVE-2010-0821 [CRITICAL] CWE-94 CVE-2010-0821: Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 200
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via
nvd
CVE-2010-1249CRITICALCVSS 9.3v20022010-06-08
CVE-2010-1249 [CRITICAL] CVE-2010-1249: Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Op
Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
nvd
CVE-2010-1252CRITICALCVSS 9.3v20022010-06-08
CVE-2010-1252 [CRITICAL] CWE-94 CVE-2010-1252: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote a
Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
nvd
CVE-2010-1247CRITICALCVSS 9.3PoCv20022010-06-08
CVE-2010-1247 [CRITICAL] CVE-2010-1247: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbi
Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
nvd
CVE-2010-1253CRITICALCVSS 9.3v2002v20072010-06-08
CVE-2010-1253 [CRITICAL] CWE-94 CVE-2010-1253: Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for mac; Office 2008 for Mac; Open X
Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with crafted DBQueryExt records that allow a function cal
nvd
CVE-2010-1245CRITICALCVSS 9.3PoCv20022010-06-08
CVE-2010-1245 [CRITICAL] CVE-2010-1245: Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for M
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-
nvd
CVE-2010-0824CRITICALCVSS 9.3PoCv20022010-06-08
CVE-2010-0824 [CRITICAL] CVE-2010-0824: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote a
Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
nvd
CVE-2010-1251CRITICALCVSS 9.3v20022010-06-08
CVE-2010-1251 [CRITICAL] CWE-94 CVE-2010-1251: Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote a
Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
nvd
CVE-2010-0822CRITICALCVSS 9.3PoCv20022010-06-08
CVE-2010-0822 [CRITICAL] CWE-94 CVE-2010-0822: Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for
Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
nvd
CVE-2010-1246CRITICALCVSS 9.3PoCv20022010-06-08
CVE-2010-1246 [CRITICAL] CWE-94 CVE-2010-1246: Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute ar
Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
nvd
CVE-2010-1248CRITICALCVSS 9.3PoCv20022010-06-08
CVE-2010-1248 [CRITICAL] CWE-94 CVE-2010-1248: Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers t
Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
nvd
CVE-2010-0823CRITICALCVSS 9.3v2002v2003+1 more2010-06-08
CVE-2010-0823 [CRITICAL] CWE-94 CVE-2010-0823: Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 200
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via
nvd
CVE-2010-0263CRITICALCVSS 9.3v2002v2003+1 more2010-03-10
CVE-2010-0263 [CRITICAL] CWE-94 CVE-2010-0263: Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac
Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, wh
nvd