Microsoft Office 365 Proplus vulnerabilities
62 known vulnerabilities affecting microsoft/office_365_proplus.
Total CVEs
62
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
2
Severity breakdown
CRITICAL3HIGH46MEDIUM13
Vulnerabilities
Page 2 of 4
CVE-2019-1400MEDIUMCVSS 5.5v32-bit Systemsv64-bit Systems2019-12-10
CVE-2019-1400 [MEDIUM] CWE-200 CVE-2019-1400: An information disclosure vulnerability exists in Microsoft Access software when the software fails
An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1463.
cvelistv5nvd
CVE-2019-1461MEDIUMCVSS 6.5v32-bit Systemsv64-bit Systems2019-12-10
CVE-2019-1461 [MEDIUM] CVE-2019-1461: A denial of service vulnerability exists in Microsoft Word software when the software fails to prope
A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service Vulnerability'.
cvelistv5nvd
CVE-2019-1449CRITICALCVSS 9.8v32-bit Systemsv64-bit Systems2019-11-12
CVE-2019-1449 [CRITICAL] CVE-2019-1449: A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components
A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would have to run a specially crafted file, aka 'Microsoft Office C
cvelistv5nvd
CVE-2019-1448HIGHCVSS 7.8v32-bit Systemsv64-bit Systems2019-11-12
CVE-2019-1448 [HIGH] CVE-2019-1448: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
cvelistv5nvd
CVE-2019-1402MEDIUMCVSS 5.5v32-bit Systemsv64-bit Systems2019-11-12
CVE-2019-1402 [MEDIUM] CWE-200 CVE-2019-1402: An information disclosure vulnerability exists in Microsoft Office software when the software fails
An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'.
cvelistv5nvd
CVE-2019-1446MEDIUMCVSS 5.5v32-bit Systemsv64-bit Systems2019-11-12
CVE-2019-1446 [MEDIUM] CWE-200 CVE-2019-1446: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the content
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
cvelistv5nvd
CVE-2019-1327HIGHCVSS 8.8v32-bit Systemsv64-bit Systems2019-10-10
CVE-2019-1327 [HIGH] CVE-2019-1327: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1331.
cvelistv5nvd
CVE-2019-1331HIGHCVSS 8.8Exploitedv32-bit Systemsv64-bit Systems2019-10-10
CVE-2019-1331 [HIGH] CVE-2019-1331: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327.
cvelistv5
CVE-2019-1264HIGHCVSS 7.8v32-bit Systemsv64-bit Systems2019-09-11
CVE-2019-1264 [HIGH] CWE-20 CVE-2019-1264: A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka '
A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
cvelistv5nvd
CVE-2019-1246HIGHCVSS 7.8v32-bit Systemsv64-bit Systems2019-09-11
CVE-2019-1246 [HIGH] CVE-2019-1246: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remot
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249
cvelistv5
CVE-2019-1297HIGHCVSS 8.8KEVv32-bit Systemsv64-bit Systems2019-09-11
CVE-2019-1297 [HIGH] CVE-2019-1297: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
cvelistv5nvd
CVE-2019-1263MEDIUMCVSS 5.5v32-bit Systemsv64-bit Systems2019-09-11
CVE-2019-1263 [MEDIUM] CWE-200 CVE-2019-1263: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the content
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
cvelistv5nvd
CVE-2019-1205CRITICALCVSS 9.8≥ 16.0.0, < publication2019-08-14
CVE-2019-1205 [CRITICAL] CVE-2019-1205: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly ha
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then take actions on behalf of the logged-on user with the same
cvelistv5nvd
CVE-2019-1155HIGHCVSS 7.8≥ 16.0.0, < publication2019-08-14
CVE-2019-1155 [HIGH] CVE-2019-1155: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
The update addresses the vulnerabili
cvelistv5nvd
CVE-2019-1200HIGHCVSS 7.8≥ 16.0.0, < publication2019-08-14
CVE-2019-1200 [HIGH] CVE-2019-1200: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user wi
cvelistv5nvd
CVE-2019-1201HIGHCVSS 7.8≥ 16.0.0, < publication2019-08-14
CVE-2019-1201 [HIGH] CVE-2019-1201: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly ha
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then take actions on behalf of the logged-on user with the same perm
cvelistv5nvd
CVE-2019-1199HIGHCVSS 7.8≥ 16.0.0, < publication2019-08-14
CVE-2019-1199 [HIGH] CWE-787 CVE-2019-1199: A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properl
A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affec
cvelistv5nvd
CVE-2019-1204MEDIUMCVSS 4.3≥ 16.0.0, < publication2019-08-14
CVE-2019-1204 [MEDIUM] CWE-20 CVE-2019-1204: An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incomi
An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB).
To exploit the vulnerability, the att
cvelistv5nvd
CVE-2019-1111HIGHCVSS 8.8v32-bit Systemsv64-bit Systems2019-07-29
CVE-2019-1111 [HIGH] CVE-2019-1111: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1110.
cvelistv5
CVE-2019-1109CRITICALCVSS 9.1v32-bit Systemsv64-bit Systems2019-07-15
CVE-2019-1109 [CRITICAL] CWE-20 CVE-2019-1109: A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the
A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way that Microsoft Office Javas
cvelistv5nvd