Microsoft 365 Apps For Enterprise vulnerabilities
447 known vulnerabilities affecting microsoft/microsoft_365_apps_for_enterprise.
Total CVEs
447
CISA KEV
10
actively exploited
Public exploits
13
Exploited in wild
9
Severity breakdown
CRITICAL4HIGH380MEDIUM61LOW2
Vulnerabilities
Page 21 of 23
CVE-2020-17123HIGHCVSS 7.8≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-12-10
CVE-2020-17123 [HIGH] CVE-2020-17123: Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2020-17129HIGHCVSS 7.8≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-12-10
CVE-2020-17129 [HIGH] CVE-2020-17129: Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2020-17124HIGHCVSS 7.8≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-12-10
CVE-2020-17124 [HIGH] CVE-2020-17124: Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft PowerPoint Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2020-17125HIGHCVSS 7.8≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-12-10
CVE-2020-17125 [HIGH] CVE-2020-17125: Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2020-17119HIGHCVSS 7.5≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-12-10
CVE-2020-17119 [HIGH] CVE-2020-17119: Microsoft Outlook Information Disclosure Vulnerability
Microsoft Outlook Information Disclosure Vulnerability
cvelistv5nvd
CVE-2020-17128HIGHCVSS 7.8≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-12-10
CVE-2020-17128 [HIGH] CVE-2020-17128: Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2020-17130MEDIUMCVSS 6.5≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-12-10
CVE-2020-17130 [MEDIUM] CVE-2020-17130: Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
cvelistv5nvd
CVE-2020-17126MEDIUMCVSS 5.5≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-12-10
CVE-2020-17126 [MEDIUM] CVE-2020-17126: Microsoft Excel Information Disclosure Vulnerability
Microsoft Excel Information Disclosure Vulnerability
cvelistv5nvd
CVE-2020-17064HIGHCVSS 7.8≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-11-11
CVE-2020-17064 [HIGH] CVE-2020-17064: Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2020-17065HIGHCVSS 7.8≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-11-11
CVE-2020-17065 [HIGH] CVE-2020-17065: Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2020-17062HIGHCVSS 7.8≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-11-11
CVE-2020-17062 [HIGH] CVE-2020-17062: Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2020-17067HIGHCVSS 7.8≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-11-11
CVE-2020-17067 [HIGH] CVE-2020-17067: Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
cvelistv5nvd
CVE-2020-17020MEDIUMCVSS 5.5≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-11-11
CVE-2020-17020 [MEDIUM] CVE-2020-17020: Microsoft Word Security Feature Bypass Vulnerability
Microsoft Word Security Feature Bypass Vulnerability
cvelistv5nvd
CVE-2020-17063MEDIUMCVSS 6.8≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-11-11
CVE-2020-17063 [MEDIUM] Microsoft Office Online Spoofing Vulnerability
Microsoft Office Online Spoofing Vulnerability
Microsoft Office Online Spoofing Vulnerability
cvelistv5
CVE-2020-16955HIGHCVSS 7.8≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-10-16
CVE-2020-16955 [HIGH] CVE-2020-16955: <p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.
To exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.
The security update addresses the vulnerab
cvelistv5nvd
CVE-2020-16934HIGHCVSS 7.8≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-10-16
CVE-2020-16934 [HIGH] CVE-2020-16934: <p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.
To exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.
The security update addresses the vulnerab
cvelistv5nvd
CVE-2020-16954HIGHCVSS 7.8≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-10-16
CVE-2020-16954 [HIGH] CVE-2020-16954: <p>A remote code execution vulnerability exists in Microsoft Office software when the software fails
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the aff
cvelistv5nvd
CVE-2020-16932HIGHCVSS 7.8≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-10-16
CVE-2020-16932 [HIGH] CWE-908 CVE-2020-16932: <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of t
cvelistv5nvd
CVE-2020-16957HIGHCVSS 7.8≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-10-16
CVE-2020-16957 [HIGH] CVE-2020-16957: <p>A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
The update address
cvelistv5nvd
CVE-2020-16931HIGHCVSS 7.8≥ 16.0.1, < https://aka.ms/OfficeSecurityReleases2020-10-16
CVE-2020-16931 [HIGH] CWE-908 CVE-2020-16931: <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of t
cvelistv5nvd