Microsoft Corporation Microsoft Office vulnerabilities
45 known vulnerabilities affecting microsoft_corporation/microsoft_office.
Total CVEs
45
CISA KEV
4
actively exploited
Public exploits
1
Exploited in wild
4
Severity breakdown
HIGH35MEDIUM8LOW2
Vulnerabilities
Page 1 of 3
CVE-2018-0922HIGHCVSS 7.8vMicrosoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 20162018-03-14
CVE-2018-0922 [HIGH] CWE-787 CVE-2018-0922: Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Micro
cvelistv5nvd
CVE-2018-0919LOWCVSS 3.3vMicrosoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 20162018-03-14
CVE-2018-0919 [LOW] CWE-125 CVE-2018-0919: Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1
cvelistv5nvd
CVE-2018-0851HIGHCVSS 8.8vMicrosoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R).2018-02-15
CVE-2018-0851 [HIGH] CWE-787 CVE-2018-0851: Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office
Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique
cvelistv5nvd
CVE-2018-0841HIGHCVSS 8.8vMicrosoft Office 2016 Click-to-Run2018-02-15
CVE-2018-0841 [HIGH] CVE-2018-0841: Microsoft Office 2016 Click-to-Run allows a remote code execution vulnerability due to how objects a
Microsoft Office 2016 Click-to-Run allows a remote code execution vulnerability due to how objects are handled in memory, aka "Office Remote Code Execution Vulnerability"
cvelistv5nvd
CVE-2018-0852HIGHCVSS 8.8vMicrosoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R).2018-02-15
CVE-2018-0852 [HIGH] CVE-2018-0852: Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click
Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". Th
cvelistv5
CVE-2018-0853LOWCVSS 3.3vMicrosoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R).2018-02-15
CVE-2018-0853 [LOW] CWE-665 CVE-2018-0853: Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsof
Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure Vulnerability".
cvelistv5nvd
CVE-2018-0797HIGHCVSS 7.8vMicrosoft Office2018-01-10
CVE-2018-0797 [HIGH] CVE-2018-0797: Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is hand
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability".
cvelistv5
CVE-2018-0795HIGHCVSS 8.8vMicrosoft Office 2010, Microsoft Office 2013, and Microsoft Office 20162018-01-10
CVE-2018-0795 [HIGH] CVE-2018-0795: Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code executio
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
cvelistv5nvd
CVE-2017-11935HIGHCVSS 7.8vMicrosoft Office 2016 Click-to-Run (C2R)2017-12-12
CVE-2017-11935 [HIGH] CWE-119 CVE-2017-11935: Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way
Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".
cvelistv5nvd
CVE-2017-11934MEDIUMCVSS 5.5vMicrosoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 20162017-12-12
CVE-2017-11934 [MEDIUM] CWE-200 CVE-2017-11934: Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an informat
Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability".
cvelistv5nvd
CVE-2017-11939MEDIUMCVSS 6.5vMicrosoft Office 2016 Click-to-Run (C2R)2017-12-12
CVE-2017-11939 [MEDIUM] CWE-200 CVE-2017-11939: Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the w
Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability".
cvelistv5nvd
CVE-2017-11882HIGHCVSS 7.8KEVPoCvMicrosoft Excel 2016 Click-to-Run (C2R)2017-11-15
CVE-2017-11882 [HIGH] CWE-119 CVE-2017-11882: Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Se
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-20
cvelistv5nvd
CVE-2017-11878HIGHCVSS 7.8vMicrosoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 32017-11-15
CVE-2017-11878 [HIGH] CWE-119 CVE-2017-11878: Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Servi
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by fai
cvelistv5nvd
CVE-2017-11854HIGHCVSS 8.8vMicrosoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 32017-11-15
CVE-2017-11854 [HIGH] CWE-119 CVE-2017-11854: Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Servic
Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability".
cvelistv5nvd
CVE-2017-11884HIGHCVSS 7.8vMicrosoft Excel 2016 Click-to-Run (C2R)2017-11-15
CVE-2017-11884 [HIGH] CVE-2017-11884: Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle obje
Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11882.
cvelistv5
CVE-2017-11877MEDIUMCVSS 5.5vMicrosoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac2017-11-15
CVE-2017-11877 [MEDIUM] CVE-2017-11877: Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Servi
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro se
cvelistv5nvd
CVE-2017-11826HIGHCVSS 7.8KEVvMicrosoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, Office Online Server.2017-10-13
CVE-2017-11826 [HIGH] CWE-119 CVE-2017-11826: Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications,
Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.
cvelistv5nvd
CVE-2017-8567HIGHCVSS 7.8vMicrosoft Excel for Mac 20112017-09-13
CVE-2017-8567 [HIGH] CWE-119 CVE-2017-8567: A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to proper
A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution".
cvelistv5nvd
CVE-2017-8632HIGHCVSS 7.8vMicrosoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 32017-09-13
CVE-2017-8632 [HIGH] CVE-2017-8632: A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Serv
A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pa
cvelistv5
CVE-2017-8725HIGHCVSS 7.8vMicrosoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 22017-09-13
CVE-2017-8725 [HIGH] CWE-119 CVE-2017-8725: A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsof
A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when they fail to properly handle objects in memory, aka "Microsoft Office Publisher Remote Code Execution".
cvelistv5nvd
1 / 3Next →