Total
1007 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0848 | 1 Microsoft | 6 Office, Powerpoint, Project and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.
|
|||||
| CVE-2002-0862 | 2 Apple, Microsoft | 10 Macos, Internet Explorer, Office and 7 more | 2025-04-03 | 6.8 MEDIUM | N/A |
|
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for In ...
Show More |
|||||
| CVE-2002-0618 | 1 Microsoft | 2 Excel, Office | 2025-04-03 | 7.5 HIGH | N/A |
|
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
|
|||||
| CVE-2006-4534 | 1 Microsoft | 1 Office | 2025-04-03 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
|
|||||
| CVE-2004-0200 | 1 Microsoft | 24 .net Framework, Digital Image Pro, Digital Image Suite and 21 more | 2025-04-03 | 9.3 HIGH | N/A |
|
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
|
|||||
| CVE-2006-0009 | 1 Microsoft | 2 Office, Works | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
|
|||||
| CVE-2006-0029 | 1 Microsoft | 2 Excel, Office | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
|
|||||
| CVE-2002-0617 | 1 Microsoft | 2 Excel, Office | 2025-04-03 | 5.1 MEDIUM | N/A |
|
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
|
|||||
| CVE-2006-2389 | 1 Microsoft | 1 Office | 2025-04-03 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
|
|||||
| CVE-2001-0003 | 1 Microsoft | 4 Office, Windows 2000, Windows Me and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
|
|||||
| CVE-2000-0088 | 1 Microsoft | 4 Office, Office Converter Pack, Powerpoint and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.
|
|||||
| CVE-2006-3493 | 1 Microsoft | 1 Office | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
|
|||||
| CVE-2002-0619 | 1 Microsoft | 1 Office | 2025-04-03 | 7.5 HIGH | N/A |
|
The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
|
|||||
| CVE-2006-1540 | 1 Microsoft | 1 Office | 2025-04-03 | 9.3 HIGH | N/A |
|
MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll; (2) an ...
Show More |
|||||
| CVE-2002-0616 | 1 Microsoft | 2 Excel, Office | 2025-04-03 | 5.1 MEDIUM | N/A |
|
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
|
|||||
| CVE-2004-0121 | 1 Microsoft | 2 Office, Outlook | 2025-04-03 | 7.5 HIGH | N/A |
|
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
|
|||||
| CVE-2006-0004 | 1 Microsoft | 1 Office | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
|
|||||
| CVE-2006-0028 | 1 Microsoft | 2 Excel, Office | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
|
|||||
| CVE-2002-1716 | 1 Microsoft | 1 Office | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability.
|
|||||
| CVE-2002-0021 | 1 Microsoft | 1 Office | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement.
|
|||||
| CVE-2000-0854 | 1 Microsoft | 1 Office | 2025-04-03 | 10.0 HIGH | N/A |
|
When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
|
|||||
| CVE-1999-0794 | 1 Microsoft | 2 Excel, Office | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.
|
|||||
| CVE-2004-0573 | 1 Microsoft | 5 Frontpage, Office, Publisher and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
|
|||||
| CVE-2023-36765 | 1 Microsoft | 1 Office | 2025-02-28 | N/A | 7.8 HIGH |
|
Microsoft Office Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-36569 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-02-28 | N/A | 8.4 HIGH |
|
Microsoft Office Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-33150 | 1 Microsoft | 3 365 Apps, Office, Word | 2025-02-28 | N/A | 9.6 CRITICAL |
|
Microsoft Office Security Feature Bypass Vulnerability
|
|||||
| CVE-2023-33148 | 1 Microsoft | 2 365 Apps, Office | 2025-02-28 | N/A | 7.8 HIGH |
|
Microsoft Office Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-33131 | 1 Microsoft | 4 Office, Office Long Term Servicing Channel, Outlook and 1 more | 2025-02-28 | N/A | 8.8 HIGH |
|
Microsoft Outlook Remote Code Execution Vulnerability
|
|||||
| CVE-2023-23398 | 1 Microsoft | 3 365 Apps, Excel, Office | 2025-02-28 | N/A | 7.1 HIGH |
|
Microsoft Excel Spoofing Vulnerability
|
|||||
| CVE-2022-41061 | 1 Microsoft | 7 365 Apps, Office, Office Online Server and 4 more | 2025-02-28 | N/A | 7.8 HIGH |
|
Microsoft Word Remote Code Execution Vulnerability
|
|||||
| CVE-2021-40485 | 1 Microsoft | 6 365 Apps, Excel, Office and 3 more | 2025-02-28 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Excel Remote Code Execution Vulnerability
|
|||||
| CVE-2021-31949 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2025-02-28 | 6.8 MEDIUM | 7.3 HIGH |
|
Microsoft Outlook Remote Code Execution Vulnerability
|
|||||
| CVE-2023-29333 | 1 Microsoft | 2 365 Apps, Office | 2025-02-28 | N/A | 3.3 LOW |
|
Microsoft Access Denial of Service Vulnerability
|
|||||
| CVE-2025-21402 | 1 Microsoft | 2 Office, Onenote | 2025-01-27 | N/A | 7.8 HIGH |
|
Microsoft Office OneNote Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21338 | 1 Microsoft | 16 Office, Windows 10 1507, Windows 10 1607 and 13 more | 2025-01-21 | N/A | 7.8 HIGH |
|
GDI+ Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21361 | 1 Microsoft | 2 Office, Outlook | 2025-01-17 | N/A | 7.8 HIGH |
|
Microsoft Outlook Remote Code Execution Vulnerability
|
|||||
| CVE-2024-49142 | 1 Microsoft | 4 365 Apps, Access, Office and 1 more | 2025-01-17 | N/A | 7.8 HIGH |
|
Microsoft Access Remote Code Execution Vulnerability
|
|||||
| CVE-2024-30042 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-01-08 | N/A | 7.8 HIGH |
|
Microsoft Excel Remote Code Execution Vulnerability
|
|||||
| CVE-2024-49069 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-01-08 | N/A | 7.8 HIGH |
|
Microsoft Excel Remote Code Execution Vulnerability
|
|||||
| CVE-2024-49065 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2025-01-08 | N/A | 5.5 MEDIUM |
|
Microsoft Office Remote Code Execution Vulnerability
|
|||||