Microsoft Office vulnerabilities
987 known vulnerabilities affecting microsoft/office.
Total CVEs
987
CISA KEV
35
actively exploited
Public exploits
98
Exploited in wild
42
Severity breakdown
CRITICAL279HIGH549MEDIUM153LOW6
Vulnerabilities
Page 28 of 50
CVE-2018-0792HIGHCVSS 8.8v20162018-01-10
CVE-2018-0792 [HIGH] CWE-787 CVE-2018-0792: Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the
Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0794.
nvd
CVE-2018-0812HIGHCVSS 7.8v2007v2010+2 more2018-01-10
CVE-2018-0812 [HIGH] CWE-787 CVE-2018-0812: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Of
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Memory Corruption Vulnerability".
nvd
CVE-2018-0806HIGHCVSS 8.8v2007v2010+2 more2018-01-10
CVE-2018-0806 [HIGH] CVE-2018-0806: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Of
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0807.
nvd
CVE-2018-0794HIGHCVSS 8.8v2010v20162018-01-10
CVE-2018-0794 [HIGH] CVE-2018-0794: Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft
Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0792.
nvd
CVE-2018-0791HIGHCVSS 7.8v20162018-01-10
CVE-2018-0791 [HIGH] CVE-2018-0791: Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 a
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793.
nvd
CVE-2018-0805HIGHCVSS 8.8v2007v2010+2 more2018-01-10
CVE-2018-0805 [HIGH] CVE-2018-0805: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Of
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807
nvd
CVE-2018-0802HIGHCVSS 7.8KEVv2007v2010+2 more2018-01-10
CVE-2018-0802 [HIGH] CVE-2018-0802: Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsof
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
nvd
CVE-2018-0804HIGHCVSS 8.8v2007v2010+2 more2018-01-10
CVE-2018-0804 [HIGH] CVE-2018-0804: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Of
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
nvd
CVE-2018-0798HIGHCVSS 8.8KEVv2007v2010+2 more2018-01-10
CVE-2018-0798 [HIGH] CWE-787 CVE-2018-0798: Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsof
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".
nvd
CVE-2018-0795HIGHCVSS 8.8v2010v20162018-01-10
CVE-2018-0795 [HIGH] CVE-2018-0795: Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code executio
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
nvd
CVE-2018-0801HIGHCVSS 8.8v2007v2010+2 more2018-01-10
CVE-2018-0801 [HIGH] CVE-2018-0801: Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsof
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
nvd
CVE-2018-0819MEDIUMCVSS 6.5v20162018-01-10
CVE-2018-0819 [MEDIUM] CVE-2018-0819: Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a u
Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing, due to how Outlook for Mac displays encoded email addresses, aka "Spoofing Vulnerability in Microsoft Office for Mac."
nvd
CVE-2017-11935HIGHCVSS 7.8v20162017-12-12
CVE-2017-11935 [HIGH] CWE-119 CVE-2017-11935: Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way
Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".
nvd
CVE-2017-11934MEDIUMCVSS 5.5v2013v20162017-12-12
CVE-2017-11934 [MEDIUM] CWE-200 CVE-2017-11934: Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an informat
Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability".
nvd
CVE-2017-11939MEDIUMCVSS 6.5v20162017-12-12
CVE-2017-11939 [MEDIUM] CWE-200 CVE-2017-11939: Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the w
Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability".
nvd
CVE-2017-11854HIGHCVSS 8.8v20102017-11-15
CVE-2017-11854 [HIGH] CWE-119 CVE-2017-11854: Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Servic
Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability".
nvd
CVE-2017-11882HIGHCVSS 7.8KEVPoCv2007v2010+2 more2017-11-15
CVE-2017-11882 [HIGH] CWE-119 CVE-2017-11882: Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Se
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-20
nvd
CVE-2017-11825HIGHCVSS 7.8v20162017-10-13
CVE-2017-11825 [HIGH] CWE-119 CVE-2017-11825: Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use
Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how Microsoft Office handles files in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
nvd
CVE-2017-8744HIGHCVSS 7.8v2007v2010+2 more2017-09-13
CVE-2017-8744 [HIGH] CVE-2017-8744: A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3,
A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016 when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is
nvd
CVE-2017-8630HIGHCVSS 7.8v20162017-09-13
CVE-2017-8630 [HIGH] CWE-119 CVE-2017-8630: Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle
Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744.
nvd