Microsoft Office 2019 vulnerabilities
388 known vulnerabilities affecting microsoft/microsoft_office_2019.
Total CVEs
388
CISA KEV
9
actively exploited
Public exploits
9
Exploited in wild
9
Severity breakdown
CRITICAL6HIGH326MEDIUM55LOW1
Vulnerabilities
Page 18 of 20
CVE-2020-17128HIGHCVSS 7.8≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-12-10
CVE-2020-17128 [HIGH] CVE-2020-17128: Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2020-17126MEDIUMCVSS 5.5≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-12-10
CVE-2020-17126 [MEDIUM] CVE-2020-17126: Microsoft Excel Information Disclosure Vulnerability
Microsoft Excel Information Disclosure Vulnerability
cvelistv5nvd
CVE-2020-17064HIGHCVSS 7.8≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-11-11
CVE-2020-17064 [HIGH] CVE-2020-17064: Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2020-17065HIGHCVSS 7.8≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-11-11
CVE-2020-17065 [HIGH] CVE-2020-17065: Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2020-17062HIGHCVSS 7.8≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-11-11
CVE-2020-17062 [HIGH] CVE-2020-17062: Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2020-17067HIGHCVSS 7.8≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-11-11
CVE-2020-17067 [HIGH] CVE-2020-17067: Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
cvelistv5nvd
CVE-2020-17020MEDIUMCVSS 5.5≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-11-11
CVE-2020-17020 [MEDIUM] CVE-2020-17020: Microsoft Word Security Feature Bypass Vulnerability
Microsoft Word Security Feature Bypass Vulnerability
cvelistv5nvd
CVE-2020-17063MEDIUMCVSS 6.8≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-11-11
CVE-2020-17063 [MEDIUM] Microsoft Office Online Spoofing Vulnerability
Microsoft Office Online Spoofing Vulnerability
Microsoft Office Online Spoofing Vulnerability
cvelistv5
CVE-2020-16955HIGHCVSS 7.8≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-10-16
CVE-2020-16955 [HIGH] CVE-2020-16955: <p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.
To exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.
The security update addresses the vulnerab
cvelistv5nvd
CVE-2020-16934HIGHCVSS 7.8≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-10-16
CVE-2020-16934 [HIGH] CVE-2020-16934: <p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.
To exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.
The security update addresses the vulnerab
cvelistv5nvd
CVE-2020-16954HIGHCVSS 7.8≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-10-16
CVE-2020-16954 [HIGH] CVE-2020-16954: <p>A remote code execution vulnerability exists in Microsoft Office software when the software fails
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the aff
cvelistv5nvd
CVE-2020-16932HIGHCVSS 7.8≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-10-16
CVE-2020-16932 [HIGH] CWE-908 CVE-2020-16932: <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of t
cvelistv5nvd
CVE-2020-16957HIGHCVSS 7.8≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-10-16
CVE-2020-16957 [HIGH] CVE-2020-16957: <p>A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
The update address
cvelistv5nvd
CVE-2020-16931HIGHCVSS 7.8≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-10-16
CVE-2020-16931 [HIGH] CWE-908 CVE-2020-16931: <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of t
cvelistv5nvd
CVE-2020-16929HIGHCVSS 7.8≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-10-16
CVE-2020-16929 [HIGH] CWE-416 CVE-2020-16929: <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of t
cvelistv5nvd
CVE-2020-16930HIGHCVSS 7.8≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-10-16
CVE-2020-16930 [HIGH] CWE-787 CVE-2020-16930: <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of t
cvelistv5nvd
CVE-2020-16928HIGHCVSS 7.8≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-10-16
CVE-2020-16928 [HIGH] CVE-2020-16928: <p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges.
To exploit this vulnerability, an attacker would need to convince a user to open a specially crafted file.
The security update addresses the vulnerab
cvelistv5nvd
CVE-2020-16949HIGHCVSS 7.5≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-10-16
CVE-2020-16949 [HIGH] CWE-401 CVE-2020-16949: <p>A denial of service vulnerability exists in Microsoft Outlook software when the software fails to
A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.
Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook
cvelistv5nvd
CVE-2020-16947HIGHCVSS 8.8≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-10-16
CVE-2020-16947 [HIGH] CWE-125 CVE-2020-16947: <p>A remote code execution vulnerability exists in Microsoft Outlook software when the software fail
A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the targeted user. If the targeted user is logged on with administrative user rights, an attacker could take control
cvelistv5nvd
CVE-2020-16933HIGHCVSS 8.8≥ 19.0.0, < https://aka.ms/OfficeSecurityReleases2020-10-16
CVE-2020-16933 [HIGH] CVE-2020-16933: <p>A security feature bypass vulnerability exists in Microsoft Word software when it fails to proper
A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the
cvelistv5nvd