Microsoft Powerpoint vulnerabilities
69 known vulnerabilities affecting microsoft/powerpoint.
Total CVEs
69
CISA KEV
4
actively exploited
Public exploits
10
Exploited in wild
3
Severity breakdown
CRITICAL24HIGH36MEDIUM8LOW1
Vulnerabilities
Page 1 of 4
CVE-2026-26133HIGHCVSS 7.1fixed in 2.106.2fixed in 16.0.19822.200382026-03-16
CVE-2026-26133 [HIGH] CWE-77 CVE-2026-26133: AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
nvd
CVE-2025-59238HIGHCVSS 7.8v20162025-10-14
CVE-2025-59238 [HIGH] CWE-416 CVE-2025-59238: Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locall
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
nvd
CVE-2025-54908HIGHCVSS 7.8v20162025-09-09
CVE-2025-54908 [HIGH] CWE-416 CVE-2025-54908: Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locall
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
nvd
CVE-2025-53761HIGHCVSS 7.8v20162025-08-12
CVE-2025-53761 [HIGH] CWE-416 CVE-2025-53761: Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locall
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
nvd
CVE-2025-49705HIGHCVSS 7.8v20162025-07-08
CVE-2025-49705 [HIGH] CWE-122 CVE-2025-49705: Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute
Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
nvd
CVE-2025-49699HIGHCVSS 7.0v20162025-07-08
CVE-2025-49699 [HIGH] CWE-416 CVE-2025-49699: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
nvd
CVE-2025-47175HIGHCVSS 7.8PoCv20162025-06-10
CVE-2025-47175 [HIGH] CWE-416 CVE-2025-47175: Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locall
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
nvd
CVE-2024-39804CRITICALCVSS 9.1v16.83v16.83 for macOS2024-12-18
CVE-2024-39804 [HIGH] CWE-347 CVE-2024-39804: A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially crafte
A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially crafted library can leverage PowerPoint's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
cvelistv5nvd
CVE-2024-38171HIGHCVSS 7.8v20162024-08-13
CVE-2024-38171 [HIGH] CWE-416 CVE-2024-38171: Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft PowerPoint Remote Code Execution Vulnerability
nvd
CVE-2024-20673HIGHCVSS 7.8v20162024-02-13
CVE-2024-20673 [HIGH] CWE-693 CVE-2024-20673: Microsoft Office Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
nvd
CVE-2021-27056HIGHCVSS 7.8v2010v2013+1 more2021-03-11
CVE-2021-27056 [HIGH] CVE-2021-27056: Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft PowerPoint Remote Code Execution Vulnerability
nvd
CVE-2020-17124HIGHCVSS 7.8v2010v2013+1 more2020-12-10
CVE-2020-17124 [HIGH] CVE-2020-17124: Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft PowerPoint Remote Code Execution Vulnerability
nvd
CVE-2020-0760HIGHCVSS 8.8v2010v2013+1 more2020-04-15
CVE-2020-0760 [HIGH] CVE-2020-0760: A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type l
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.
nvd
CVE-2019-1462HIGHCVSS 7.8v2010v2013+1 more2019-12-10
CVE-2019-1462 [HIGH] CWE-908 CVE-2019-1462: A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fail
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'.
nvd
CVE-2018-8628HIGHCVSS 7.8v2010v2013+1 more2018-12-12
CVE-2018-8628 [HIGH] CVE-2018-8628: A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fail
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft Sha
nvd
CVE-2018-8501HIGHCVSS 8.8v2010v2013+1 more2018-10-10
CVE-2018-8501 [HIGH] CVE-2018-8501: A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fail
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Office 365 ProPlus, PowerPoint Viewer, Microsoft Office, Microsoft PowerPoint.
nvd
CVE-2018-8376HIGHCVSS 8.8v20102018-08-15
CVE-2018-8376 [HIGH] CVE-2018-8376: A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fail
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft PowerPoint.
nvd
CVE-2017-8743HIGHCVSS 7.8v20162017-09-13
CVE-2017-8743 [HIGH] CVE-2017-8743: A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Ente
A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8742.
nvd
CVE-2017-8742HIGHCVSS 7.8v2007v2010+2 more2017-09-13
CVE-2017-8742 [HIGH] CWE-119 CVE-2017-8742: A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft
A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterp
nvd
CVE-2017-8513HIGHCVSS 7.8v20072017-06-15
CVE-2017-8513 [HIGH] CWE-119 CVE-2017-8513: A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to prop
A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability".
nvd
1 / 4Next →