Search
Total
737 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3018 | 1 Microsoft | 4 Office, Office Converter Pack, Windows Nt and 1 more | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021. | |||||
| CVE-2008-3015 | 1 Microsoft | 9 Digital Image Suite, Forefront Client Security, Office and 6 more | 2018-10-12 | 9.3 HIGH | N/A |
| Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability." | |||||
| CVE-2008-3003 | 1 Microsoft | 1 Office | 2018-10-12 | 6.6 MEDIUM | N/A |
| Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability." | |||||
| CVE-2008-1089 | 1 Microsoft | 2 Office, Visio | 2018-10-12 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability." | |||||
| CVE-2008-1090 | 1 Microsoft | 2 Office, Visio | 2018-10-12 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability." | |||||
| CVE-2008-1091 | 1 Microsoft | 3 Office, Office Compatibility Pack For Word Excel Ppt 2007, Word Viewer | 2018-10-12 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability." | |||||
| CVE-2008-1434 | 1 Microsoft | 3 Office, Office Compatibility Pack For Word Excel Ppt 2007, Word Viewer | 2018-10-12 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption. | |||||
| CVE-2008-0117 | 1 Microsoft | 4 Compatibility Pack Word Excel Powerpoint 2007, Excel, Excel Viewer and 1 more | 2018-10-12 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability." | |||||
| CVE-2008-0118 | 1 Microsoft | 1 Office | 2018-10-12 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability." | |||||
| CVE-2008-0110 | 1 Microsoft | 1 Office | 2018-10-12 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI. | |||||
| CVE-2008-0112 | 1 Microsoft | 2 Excel, Office | 2018-10-12 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability." | |||||
| CVE-2008-0114 | 1 Microsoft | 3 Excel, Excel Viewer, Office | 2018-10-12 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption. | |||||
| CVE-2008-0115 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2018-10-12 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability." | |||||
| CVE-2008-0111 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2018-10-12 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability." | |||||
| CVE-2007-3890 | 1 Microsoft | 2 Excel, Office | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption. | |||||
| CVE-2008-0081 | 1 Microsoft | 3 Excel, Excel Viewer, Office | 2018-10-12 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490. | |||||
| CVE-2008-0103 | 1 Microsoft | 1 Office | 2018-10-12 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability." | |||||
| CVE-2008-0105 | 1 Microsoft | 2 Office, Works | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability." | |||||
| CVE-2008-0108 | 1 Microsoft | 2 Office, Works | 2018-10-12 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability." | |||||
| CVE-2007-1201 | 1 Microsoft | 5 Biztalk Server, Commerce Server, Internet Security And Acceleration Server and 2 more | 2018-10-12 | 9.3 HIGH | N/A |
| Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability." | |||||
| CVE-2007-0065 | 1 Microsoft | 6 Office, Visual Basic, Windows 2000 and 3 more | 2018-10-12 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request. | |||||
| CVE-2007-0671 | 1 Microsoft | 14 Access, Excel, Excel Viewer and 11 more | 2018-10-12 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. | |||||
| CVE-2007-0515 | 1 Microsoft | 4 Office, Word, Word Viewer and 1 more | 2018-10-12 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561. | |||||
| CVE-2007-0216 | 1 Microsoft | 2 Office, Works | 2018-10-12 | 9.3 HIGH | N/A |
| wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability." | |||||
| CVE-2007-0209 | 1 Microsoft | 2 Office, Works | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption. | |||||
| CVE-2007-0208 | 1 Microsoft | 4 Office, Word, Word Viewer and 1 more | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code. | |||||
| CVE-2006-2389 | 1 Microsoft | 1 Office | 2018-10-12 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316. | |||||
| CVE-2006-1318 | 1 Microsoft | 1 Office | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability." | |||||
| CVE-2006-1311 | 1 Microsoft | 5 Learning Essentials, Office, Windows 2000 and 2 more | 2018-10-12 | 9.3 HIGH | N/A |
| The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption. | |||||
| CVE-2006-1316 | 1 Microsoft | 1 Office | 2018-10-12 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389. | |||||
| CVE-2006-0004 | 1 Microsoft | 1 Office | 2018-10-12 | 5.0 MEDIUM | N/A |
| Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF). | |||||
| CVE-2006-0029 | 1 Microsoft | 2 Excel, Office | 2018-10-12 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption. | |||||
| CVE-2006-0030 | 1 Microsoft | 2 Excel, Office | 2018-10-12 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption. | |||||
| CVE-2006-0033 | 1 Microsoft | 1 Office | 2018-10-12 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed. | |||||
| CVE-2004-0846 | 1 Microsoft | 2 Excel, Office | 2018-10-12 | 7.5 HIGH | N/A |
| Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated. | |||||
| CVE-2004-0848 | 1 Microsoft | 6 Office, Powerpoint, Project and 3 more | 2018-10-12 | 7.5 HIGH | N/A |
| Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames. | |||||
| CVE-2004-0121 | 1 Microsoft | 2 Office, Outlook | 2018-10-12 | 7.5 HIGH | N/A |
| Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs. | |||||
| CVE-2003-0347 | 1 Microsoft | 4 Office, Project, Visio and 1 more | 2018-10-12 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter. | |||||
| CVE-2002-0152 | 1 Microsoft | 6 Entourage, Excel, Ie and 3 more | 2018-10-12 | 7.5 HIGH | N/A |
| Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh. | |||||
| CVE-2002-0616 | 1 Microsoft | 2 Excel, Office | 2018-10-12 | 5.1 MEDIUM | N/A |
| The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability." | |||||
| CVE-2002-0617 | 1 Microsoft | 2 Excel, Office | 2018-10-12 | 5.1 MEDIUM | N/A |
| The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass." | |||||
| CVE-2002-0618 | 1 Microsoft | 2 Excel, Office | 2018-10-12 | 7.5 HIGH | N/A |
| The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution". | |||||
| CVE-2002-0619 | 1 Microsoft | 1 Office | 2018-10-12 | 7.5 HIGH | N/A |
| The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788). | |||||
| CVE-2002-0615 | 1 Microsoft | 2 Excel, Office | 2018-10-12 | 7.5 HIGH | N/A |
| The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation". | |||||
| CVE-2002-0021 | 1 Microsoft | 1 Office | 2018-10-12 | 5.0 MEDIUM | N/A |
| Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement. | |||||
| CVE-2001-0003 | 1 Microsoft | 4 Office, Windows 2000, Windows Me and 1 more | 2018-10-12 | 5.0 MEDIUM | N/A |
| Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability. | |||||
| CVE-2000-0088 | 1 Microsoft | 4 Office, Office Converter Pack, Powerpoint and 1 more | 2018-10-12 | 7.2 HIGH | N/A |
| Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability. | |||||
| CVE-2000-0419 | 1 Microsoft | 10 Access, Excel, Frontpage and 7 more | 2018-10-12 | 7.5 HIGH | N/A |
| The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability. | |||||
| CVE-1999-0794 | 1 Microsoft | 2 Excel, Office | 2018-10-12 | 4.6 MEDIUM | N/A |
| Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file. | |||||
| CVE-1999-0384 | 1 Microsoft | 6 Office, Outlook, Project and 3 more | 2018-10-12 | 4.6 MEDIUM | N/A |
| The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. | |||||