Microsoft Corporation Microsoft Office vulnerabilities
29 known vulnerabilities affecting microsoft_corporation/microsoft_office.
Total CVEs
29
CISA KEV
3
actively exploited
Public exploits
3
Exploited in wild
3
Severity breakdown
HIGH19MEDIUM8LOW2
Vulnerabilities
Page 1 of 2
CVE-2017-11882P1HIGHCVSS 7.8KEVPoCRansomwarevMicrosoft Excel 2016 Click-to-Run (C2R)2017-11-15
CVE-2017-11882 [HIGH] CWE-119 CVE-2017-11882: Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Se
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-20
nvd
CVE-2017-11826P1HIGHCVSS 7.8KEVPoCvMicrosoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, Office Online Server.2017-10-13
CVE-2017-11826 [HIGH] CWE-119 CVE-2017-11826: Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications,
Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.
nvd
CVE-2017-0261P1HIGHCVSS 7.8KEVPoCvMicrosoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016.2017-05-12
CVE-2017-0261 [HIGH] CWE-416 CVE-2017-0261: Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerabil
Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281.
nvd
CVE-2018-0841P2HIGHCVSS 8.8vMicrosoft Office 2016 Click-to-Run2018-02-15
CVE-2018-0841 [HIGH] CVE-2018-0841: Microsoft Office 2016 Click-to-Run allows a remote code execution vulnerability due to how objects a
Microsoft Office 2016 Click-to-Run allows a remote code execution vulnerability due to how objects are handled in memory, aka "Office Remote Code Execution Vulnerability"
nvd
CVE-2018-0851P3HIGHCVSS 8.8vMicrosoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R).2018-02-15
CVE-2018-0851 [HIGH] CWE-787 CVE-2018-0851: Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office
Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique
nvd
CVE-2018-0795P3HIGHCVSS 8.8vMicrosoft Office 2010, Microsoft Office 2013, and Microsoft Office 20162018-01-10
CVE-2018-0795 [HIGH] CVE-2018-0795: Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code executio
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
nvd
CVE-2017-0254P3HIGHCVSS 7.8vMicrosoft PowerPoint for Mac 20112017-05-12
CVE-2017-0254 [HIGH] CWE-119 CVE-2017-0254: Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Wo
nvd
CVE-2018-0922P3HIGHCVSS 7.8vMicrosoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 20162018-03-14
CVE-2018-0922 [HIGH] CWE-787 CVE-2018-0922: Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Micro
nvd
CVE-2017-8742P3HIGHCVSS 7.8vMicrosoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server2017-09-13
CVE-2017-8742 [HIGH] CWE-119 CVE-2017-8742: A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft
A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterp
nvd
CVE-2017-11935P3HIGHCVSS 7.8vMicrosoft Office 2016 Click-to-Run (C2R)2017-12-12
CVE-2017-11935 [HIGH] CWE-119 CVE-2017-11935: Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way
Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".
nvd
CVE-2017-11854P3HIGHCVSS 8.8vMicrosoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 32017-11-15
CVE-2017-11854 [HIGH] CWE-119 CVE-2017-11854: Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Servic
Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability".
nvd
CVE-2017-8663P3HIGHCVSS 7.8vMicrosoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016.2017-08-01
CVE-2017-8663 [HIGH] CWE-119 CVE-2017-8663: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 201
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code execution vulnerability due to the way Microsoft Outlook parses specially crafted email messages, aka "Microsoft Office Outlook Memory Corruption Vulnerability"
nvd
CVE-2017-8507P3HIGHCVSS 7.8vMicrosoft Outlook 2007 Service Pack 3, Microsoft Outlook 2010 Service Pack 2, Microsoft Outlook 2013 RT Service Pack 1, Microsoft Outlook 2013 Service Pack 1, and Microsoft Outlook 2016.2017-06-15
CVE-2017-8507 [HIGH] CWE-119 CVE-2017-8507: A remote code execution vulnerability exists in the way Microsoft Office software parses specially c
A remote code execution vulnerability exists in the way Microsoft Office software parses specially crafted email messages, aka "Microsoft Office Memory Corruption Vulnerability".
nvd
CVE-2017-8725P3HIGHCVSS 7.8vMicrosoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 22017-09-13
CVE-2017-8725 [HIGH] CWE-119 CVE-2017-8725: A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsof
A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when they fail to properly handle objects in memory, aka "Microsoft Office Publisher Remote Code Execution".
nvd
CVE-2017-0260P3HIGHCVSS 7.8vMicrosoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 RT Service Pack 1, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Online Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Word Automation Services.2017-06-15
CVE-2017-0260 [HIGH] CVE-2017-0260: A remote code execution vulnerability exists in Microsoft Office when the software fails to properly
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-8506.
nvd
CVE-2017-8567P3HIGHCVSS 7.8vMicrosoft Excel for Mac 20112017-09-13
CVE-2017-8567 [HIGH] CWE-119 CVE-2017-8567: A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to proper
A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution".
nvd
CVE-2017-8630P3HIGHCVSS 7.8vMicrosoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 20162017-09-13
CVE-2017-8630 [HIGH] CWE-119 CVE-2017-8630: Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle
Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744.
nvd
CVE-2017-11878P3HIGHCVSS 7.8vMicrosoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 32017-11-15
CVE-2017-11878 [HIGH] CWE-119 CVE-2017-11878: Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Servi
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by fai
nvd
CVE-2017-8571P3HIGHCVSS 7.8vMicrosoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016.2017-08-01
CVE-2017-8571 [HIGH] CWE-20 CVE-2017-8571: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 201
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka "Microsoft Office Outlook Security Feature Bypass Vulnerability".
nvd
CVE-2017-11939P4MEDIUMCVSS 6.5vMicrosoft Office 2016 Click-to-Run (C2R)2017-12-12
CVE-2017-11939 [MEDIUM] CWE-200 CVE-2017-11939: Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the w
Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability".
nvd
1 / 2Next →