Microsoft Office vulnerabilities

989 known vulnerabilities affecting microsoft/office.

Total CVEs: 989
CISA KEV: 35 (actively exploited)
Public exploits: 98
Exploited in wild: 42
Severity breakdown: CRITICAL 279, HIGH 551, MEDIUM 153, LOW 6

Vulnerabilities

Page 22 of 50
CVE-2019-1400 | MEDIUM | CVSS 5.5 | v2010, v2013, +2 more | 2019-12-10
CVE-2019-1400 [MEDIUM] CWE-200: An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1463.
nvd
CVE-2019-1461 | MEDIUM | CVSS 6.5 | v2010, v2019 | 2019-12-10
CVE-2019-1461 [MEDIUM]: A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service Vulnerability'.
nvd
CVE-2019-1449 | CRITICAL | CVSS 9.8 | v2019 | 2019-11-12
CVE-2019-1449 [CRITICAL]: A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM. To exploit this bug, an attacker would have to run a specially crafted file, aka 'Microsoft Office C
nvd
CVE-2019-1448 | HIGH | CVSS 7.8 | v2016, v2019 | 2019-11-12
CVE-2019-1448 [HIGH]: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
nvd
CVE-2019-1457 | HIGH | CVSS 7.8 | v2016, v2019 | 2019-11-12
CVE-2019-1457 [HIGH] CWE-732: A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'.
nvd
CVE-2019-1446 | MEDIUM | CVSS 5.5 | v2010, v2013, +2 more | 2019-11-12
CVE-2019-1446 [MEDIUM] CWE-200: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
nvd
CVE-2019-1402 | MEDIUM | CVSS 5.5 | v2010, v2013, +2 more | 2019-11-12
CVE-2019-1402 [MEDIUM] CWE-200: An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'.
nvd
CVE-2019-1331 | HIGH | CVSS 8.8 | Exploited | v2010, v2013, +2 more | 2019-10-10
CVE-2019-1331 [HIGH]: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327.
nvd
CVE-2019-1246 | HIGH | CVSS 7.8 | v2010, v2013, +2 more | 2019-09-11
CVE-2019-1246 [HIGH]: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250.
nvd
CVE-2019-1297 | HIGH | CVSS 8.8 | KEV | v2016, v2019 | 2019-09-11
CVE-2019-1297 [HIGH]: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
nvd
CVE-2019-1264 | HIGH | CVSS 7.8 | v2010, v2013, +2 more | 2019-09-11
CVE-2019-1264 [HIGH] CWE-20: A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
nvd
CVE-2019-1263 | MEDIUM | CVSS 5.5 | v2016, v2019 | 2019-09-11
CVE-2019-1263 [MEDIUM] CWE-200: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
nvd
CVE-2019-1205 | CRITICAL | CVSS 9.8 | v2016, v2019 | 2019-08-14
CVE-2019-1205 [CRITICAL]: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then take actions on behalf of the logged-on user with the same
nvd
CVE-2019-1200 | HIGH | CVSS 7.8 | v2019 | 2019-08-14
CVE-2019-1200 [HIGH]: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user wi
nvd
CVE-2019-1201 | HIGH | CVSS 7.8 | v2010, v2016, +1 more | 2019-08-14
CVE-2019-1201 [HIGH]: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then take actions on behalf of the logged-on user with the same perm
nvd
CVE-2019-1151 | HIGH | CVSS 8.8 | PoC | v2019 | 2019-08-14
CVE-2019-1151 [HIGH] CWE-787: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whos
nvd
CVE-2019-1199 | HIGH | CVSS 7.8 | v2019 | 2019-08-14
CVE-2019-1199 [HIGH] CWE-787: A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affec
nvd
CVE-2019-1155 | HIGH | CVSS 7.8 | v2010, v2013, +2 more | 2019-08-14
CVE-2019-1155 [HIGH]: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerabili
nvd
CVE-2019-1149 | HIGH | CVSS 8.8 | PoC | v2019 | 2019-08-14
CVE-2019-1149 [HIGH] CWE-787: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whos
nvd
CVE-2019-1204 | MEDIUM | CVSS 4.3 | v2019 | 2019-08-14
CVE-2019-1204 [MEDIUM] CWE-20: An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB). To exploit the vulnerability, the att
nvd