Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Microsoft Subscribe
Filtered by product Office

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-43905 1 Microsoft 1 Office 2022-01-01 6.8 MEDIUM 9.6 CRITICAL
Microsoft Office app Remote Code Execution Vulnerability
CVE-2020-0901 1 Microsoft 2 365 Apps, Office 2021-07-21 7.5 HIGH 9.8 CRITICAL
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
CVE-2019-1449 1 Microsoft 2 Office, Office 365 Proplus 2020-08-24 10.0 HIGH 9.8 CRITICAL
A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would have to run a specially crafted file, aka 'Microsoft Office ClickToRun Security Feature Bypass Vulnerability'.
CVE-2019-1109 1 Microsoft 2 Office, Office 365 2019-07-19 6.4 MEDIUM 9.1 CRITICAL
A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages., aka 'Microsoft Office Spoofing Vulnerability'.
CVE-2016-7182 1 Microsoft 12 Live Meeting, Lync, Office and 9 more 2018-10-12 10.0 HIGH 9.8 CRITICAL
The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka "True Type Font Parsing Elevation of Privilege Vulnerability."
CVE-2016-7277 1 Microsoft 1 Office 2018-10-12 9.3 HIGH 9.6 CRITICAL
Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."