Skip to main content

Office

747 CVEs product

Monthly

CVE-2018-0805 HIGH PATCH This Week

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Office Compatibility Pack Word
NVD
CVSS 3.0
8.8
EPSS
24.4%
CVE-2018-0804 HIGH PATCH This Week

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Office Compatibility Pack Word
NVD
CVSS 3.0
8.8
EPSS
24.4%
CVE-2018-0801 HIGH PATCH This Week

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Office Compatibility Pack Word
NVD
CVSS 3.0
8.8
EPSS
24.4%
CVE-2018-0797 HIGH PATCH This Week

Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Office +8
NVD
CVSS 3.0
7.8
EPSS
24.8%
CVE-2018-0796 HIGH PATCH This Week

Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Excel Excel Viewer Office +1
NVD
CVSS 3.0
8.8
EPSS
23.3%
CVE-2018-0795 HIGH PATCH This Week

Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Word
NVD
CVSS 3.0
8.8
EPSS
19.3%
CVE-2018-0794 HIGH PATCH This Week

Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Office Compatibility Pack Word
NVD
CVSS 3.0
8.8
EPSS
20.1%
CVE-2018-0793 HIGH PATCH This Week

Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office Compatibility Pack Word
NVD
CVSS 3.0
7.8
EPSS
20.6%
CVE-2018-0792 HIGH PATCH This Week

Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Office +3
NVD
CVSS 3.0
8.8
EPSS
26.8%
CVE-2018-0791 HIGH PATCH This Week

Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Outlook
NVD
CVSS 3.0
7.8
EPSS
20.6%
CVE-2017-11939 MEDIUM PATCH This Month

Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Office
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2017-11935 HIGH PATCH Act Now

Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 32.4%.

Buffer Overflow RCE Microsoft Office
NVD
CVSS 3.0
7.8
EPSS
32.4%
CVE-2017-11934 MEDIUM PATCH This Month

Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 23.5%.

Microsoft Information Disclosure Office
NVD
CVSS 3.0
5.5
EPSS
23.5%
CVE-2017-11854 HIGH PATCH Act Now

Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.9%.

Buffer Overflow RCE Microsoft Office Office Compatibility Pack +1
NVD
CVSS 3.0
8.8
EPSS
18.9%
CVE-2017-11825 HIGH PATCH Act Now

Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 32.4%.

Buffer Overflow RCE Microsoft Office Office For Mac
NVD
CVSS 3.0
7.8
EPSS
32.4%
CVE-2017-10857 MEDIUM This Month

Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Office
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2017-8744 HIGH PATCH Act Now

A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 22.8%.

Buffer Overflow RCE Microsoft Office
NVD
CVSS 3.0
7.8
EPSS
22.8%
CVE-2017-8695 MEDIUM PATCH This Month

Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016;. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 25.7%.

Microsoft Information Disclosure Live Meeting Lync Office +11
NVD
CVSS 3.0
5.3
EPSS
25.7%
CVE-2017-8676 LOW PATCH Monitor

The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607,. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Live Meeting Lync Office +11
NVD
CVSS 3.0
3.3
EPSS
7.6%
CVE-2017-8630 HIGH PATCH Act Now

Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 22.8%.

Buffer Overflow RCE Microsoft Office
NVD
CVSS 3.0
7.8
EPSS
22.8%
CVE-2017-11150 HIGH This Week

Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Synology Microsoft Command Injection PHP Office
NVD
CVSS 3.0
7.8
EPSS
2.5%
CVE-2017-8501 HIGH PATCH Act Now

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 31.3%.

Buffer Overflow RCE Microsoft Excel Excel Viewer +4
NVD
CVSS 3.0
7.8
EPSS
31.3%
CVE-2017-0243 HIGH PATCH Act Now

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 34.0%.

Buffer Overflow RCE Microsoft Business Productivity Servers Office +1
NVD
CVSS 3.0
7.8
EPSS
34.0%
CVE-2017-8550 MEDIUM POC PATCH This Month

A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS RCE Office
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
9.6%
CVE-2017-8534 MEDIUM PATCH This Month

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.8%.

Microsoft Information Disclosure Office Windows 7 Windows Server 2008
NVD
CVSS 3.0
6.5
EPSS
19.8%
CVE-2017-8533 MEDIUM PATCH This Month

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 24.5%.

Microsoft Information Disclosure Office Windows 10 Windows 7 +5
NVD
CVSS 3.0
6.5
EPSS
24.5%
CVE-2017-8532 MEDIUM PATCH This Month

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.6%.

Microsoft Information Disclosure Office Windows 10 Windows 7 +5
NVD
CVSS 3.0
6.5
EPSS
21.6%
CVE-2017-8531 MEDIUM PATCH This Month

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.8%.

Microsoft Information Disclosure Office Windows 10 Windows 7 +5
NVD
CVSS 3.0
6.5
EPSS
19.8%
CVE-2017-8528 HIGH PATCH Act Now

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 26.8%.

Buffer Overflow RCE Microsoft Office Windows 7 +4
NVD
CVSS 3.0
8.8
EPSS
26.8%
CVE-2017-8527 HIGH PATCH Act Now

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 28.8%.

Buffer Overflow RCE Microsoft Lync Office +9
NVD
CVSS 3.0
8.8
EPSS
28.8%
CVE-2017-8512 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Office Office Online Server Office Web Apps +3
NVD
CVSS 3.0
8.8
EPSS
8.6%
CVE-2017-8511 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Office Office Online Server Office Web Apps +3
NVD
CVSS 3.0
7.8
EPSS
6.4%
CVE-2017-8510 HIGH PATCH Act Now

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 36.4%.

RCE Microsoft Excel Office Word
NVD
CVSS 3.0
8.8
EPSS
36.4%
CVE-2017-8509 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Office Office Compatibility Pack Office Web Apps +5
NVD
CVSS 3.0
8.8
EPSS
5.6%
CVE-2017-0289 MEDIUM POC PATCH This Month

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Office Windows 10 Windows 7 +5
NVD Exploit-DB
CVSS 3.1
5.0
EPSS
7.8%
CVE-2017-0288 MEDIUM POC PATCH THREAT This Month

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 10.6%.

Microsoft Information Disclosure Office Windows 10 Windows 7 +5
NVD Exploit-DB
CVSS 3.1
5.0
EPSS
10.6%
CVE-2017-0287 MEDIUM POC PATCH This Month

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Office Windows 10 Windows 7 +5
NVD Exploit-DB
CVSS 3.1
5.0
EPSS
8.9%
CVE-2017-0286 MEDIUM POC PATCH THREAT This Month

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 10.6%.

Microsoft Information Disclosure Office Windows 7 Windows Server 2008
NVD Exploit-DB
CVSS 3.1
5.0
EPSS
10.6%
CVE-2017-0285 MEDIUM POC PATCH THREAT This Month

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 11.4%.

Microsoft Information Disclosure Office Office Word Viewer Windows 10 +6
NVD Exploit-DB
CVSS 3.1
5.0
EPSS
11.4%
CVE-2017-0284 MEDIUM POC PATCH THREAT This Month

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 11.4%.

Microsoft Information Disclosure Office Windows 10 Windows 7 +5
NVD Exploit-DB
CVSS 3.1
5.0
EPSS
11.4%
CVE-2017-0283 HIGH POC PATCH THREAT Act Now

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 56.0%.

RCE Microsoft Lync Office Office Word Viewer +8
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
56.0%
Threat
4.9
CVE-2017-0282 MEDIUM POC PATCH THREAT This Month

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Microsoft Information Disclosure Office Windows 10 Windows 7 +5
NVD Exploit-DB
CVSS 3.1
5.0
EPSS
13.0%
CVE-2017-0260 HIGH PATCH Act Now

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 28.4%.

RCE Microsoft Office Windows 7 Windows Server 2008
NVD
CVSS 3.0
7.8
EPSS
28.4%
CVE-2017-0281 HIGH PATCH Act Now

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 43.3%.

RCE Microsoft Office Office Online Server Office Web Apps +5
NVD
CVSS 3.0
7.8
EPSS
43.3%
CVE-2017-0254 HIGH PATCH Act Now

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 32.6%.

Buffer Overflow RCE Microsoft Office Office Compatibility Pack +5
NVD
CVSS 3.0
7.8
EPSS
32.6%
CVE-2017-2116 MEDIUM This Month

Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-2115 MEDIUM This Month

Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2017-2114 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-4874 LOW Monitor

Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.0
3.5
EPSS
0.2%
CVE-2016-4873 MEDIUM This Month

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Office
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2016-4872 MEDIUM This Month

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Office
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-4871 MEDIUM This Month

Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Office
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2016-4870 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-4869 MEDIUM This Month

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Office
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2016-4868 MEDIUM This Month

Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Code Injection Office
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2016-4867 MEDIUM This Month

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Office
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-4866 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
CVSS 3.0
4.8
EPSS
0.4%
CVE-2016-4865 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
CVSS 3.0
4.8
EPSS
0.4%
CVE-2017-0108 HIGH POC PATCH THREAT Act Now

The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 36.7%.

Buffer Overflow RCE Microsoft Live Meeting Lync +7
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
36.7%
Threat
4.2
CVE-2017-0105 MEDIUM PATCH This Month

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 43.2%.

Microsoft Information Disclosure Office Office Compatibility Pack Office Web Apps +4
NVD
CVSS 3.0
5.5
EPSS
43.2%
CVE-2017-0073 MEDIUM PATCH This Month

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Live Meeting Lync Office +11
NVD
CVSS 3.1
4.3
EPSS
9.2%
CVE-2017-0060 MEDIUM POC PATCH This Month

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Live Meeting Lync Office +11
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
3.3%
CVE-2017-0053 HIGH PATCH Act Now

Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 23.5%.

Buffer Overflow RCE Microsoft Denial Of Service Office +3
NVD
CVSS 3.0
7.8
EPSS
23.5%
CVE-2017-0031 HIGH PATCH Act Now

Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 21.9%.

Buffer Overflow RCE Microsoft Denial Of Service Office +2
NVD
CVSS 3.0
7.8
EPSS
21.9%
CVE-2017-0030 HIGH PATCH Act Now

Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 28.1%.

Buffer Overflow RCE Microsoft Denial Of Service Office +4
NVD
CVSS 3.0
7.8
EPSS
28.1%
CVE-2017-0029 MEDIUM PATCH This Month

Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 22.6%.

Denial Of Service Microsoft Office Word
NVD
CVSS 3.0
5.5
EPSS
22.6%
CVE-2017-0014 HIGH PATCH Act Now

The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607;. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 23.8%.

RCE Microsoft Office Windows 10 Windows 7 +5
NVD
CVSS 3.0
7.5
EPSS
23.8%
CVE-2016-7298 HIGH Act Now

Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 18.9% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Office +1
NVD
CVSS 3.0
7.8
EPSS
18.9%
CVE-2016-7291 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 10.9% and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Microsoft Office +6
NVD
CVSS 3.0
7.1
EPSS
10.9%
CVE-2016-7290 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 10.9% and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Microsoft Office +6
NVD
CVSS 3.0
7.1
EPSS
10.9%
CVE-2016-7277 CRITICAL Act Now

Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Office
NVD
CVSS 3.0
9.6
EPSS
5.0%
CVE-2016-7276 HIGH This Week

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Microsoft Office +1
NVD
CVSS 3.0
7.1
EPSS
8.6%
CVE-2016-7275 HIGH This Week

Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Office
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2016-7268 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 10.9% and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Microsoft Office +6
NVD
CVSS 3.0
7.1
EPSS
10.9%
CVE-2016-7245 HIGH Act Now

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.0% and no vendor patch available.

RCE Buffer Overflow Microsoft Office
NVD
CVSS 3.0
7.8
EPSS
30.0%
CVE-2016-7244 MEDIUM This Month

Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability.". Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 16.7% and no vendor patch available.

Microsoft Denial Of Service Authentication Bypass Office
NVD
CVSS 3.0
5.5
EPSS
16.7%
CVE-2016-7235 HIGH Act Now

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.0% and no vendor patch available.

RCE Buffer Overflow Microsoft Excel For Mac Office +3
NVD
CVSS 3.0
7.8
EPSS
30.0%
CVE-2016-7234 HIGH Act Now

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 48.4% and no vendor patch available.

RCE Buffer Overflow Microsoft Excel For Mac Office +5
NVD
CVSS 3.0
7.8
EPSS
48.4%
CVE-2016-7233 MEDIUM This Month

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.6% and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Microsoft Excel For Mac +8
NVD
CVSS 3.0
6.5
EPSS
14.6%
CVE-2016-7232 HIGH Act Now

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 40.6% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +2
NVD
CVSS 3.0
7.8
EPSS
40.6%
CVE-2016-7182 CRITICAL POC THREAT Emergency

The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 41.5%.

RCE Microsoft Live Meeting Lync Office +9
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
41.5%
Threat
4.7
CVE-2016-3396 HIGH Act Now

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 32.4% and no vendor patch available.

RCE Privilege Escalation Microsoft Live Meeting Lync +10
NVD
CVSS 3.0
7.8
EPSS
32.4%
CVE-2016-3263 MEDIUM This Month

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.1% and no vendor patch available.

Information Disclosure Microsoft Live Meeting Lync Office +9
NVD
CVSS 3.0
5.5
EPSS
19.1%
CVE-2016-3262 MEDIUM This Month

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.1% and no vendor patch available.

Information Disclosure Microsoft Live Meeting Lync Office +9
NVD
CVSS 3.0
5.5
EPSS
19.1%
CVE-2016-3209 MEDIUM POC THREAT This Month

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.2%.

Information Disclosure Microsoft Net Framework Live Meeting Lync +11
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
19.2%
CVE-2016-3357 HIGH POC THREAT Act Now

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 32.4%.

RCE Buffer Overflow Microsoft Office Office Web Apps +4
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
32.4%
Threat
4.0
CVE-2016-0141 MEDIUM This Month

The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Office
NVD
CVSS 3.0
6.5
EPSS
7.7%
CVE-2016-0137 LOW Monitor

The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass.". Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Office
NVD
CVSS 3.0
3.3
EPSS
6.5%
CVE-2016-3318 HIGH Act Now

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted file, aka "Graphics Component Memory Corruption Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.0% and no vendor patch available.

RCE Buffer Overflow Microsoft Office
NVD
CVSS 3.0
7.8
EPSS
30.0%
CVE-2016-3317 HIGH Act Now

Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac 2011, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.0% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Word +2
NVD
CVSS 3.0
7.8
EPSS
30.0%
EPSS 24% CVSS 8.8
HIGH PATCH This Week

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office +2
NVD
EPSS 24% CVSS 8.8
HIGH PATCH This Week

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office +2
NVD
EPSS 24% CVSS 8.8
HIGH PATCH This Week

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office +2
NVD
EPSS 25% CVSS 7.8
HIGH PATCH This Week

Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE +10
NVD
EPSS 23% CVSS 8.8
HIGH PATCH This Week

Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Excel +3
NVD
EPSS 19% CVSS 8.8
HIGH PATCH This Week

Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office +1
NVD
EPSS 20% CVSS 8.8
HIGH PATCH This Week

Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office +2
NVD
EPSS 21% CVSS 7.8
HIGH PATCH This Week

Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office +2
NVD
EPSS 27% CVSS 8.8
HIGH PATCH This Week

Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE +5
NVD
EPSS 21% CVSS 7.8
HIGH PATCH This Week

Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office +1
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Office
NVD
EPSS 32% CVSS 7.8
HIGH PATCH Act Now

Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 32.4%.

Buffer Overflow RCE Microsoft +1
NVD
EPSS 23% CVSS 5.5
MEDIUM PATCH This Month

Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 23.5%.

Microsoft Information Disclosure Office
NVD
EPSS 19% CVSS 8.8
HIGH PATCH Act Now

Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.9%.

Buffer Overflow RCE Microsoft +3
NVD
EPSS 32% CVSS 7.8
HIGH PATCH Act Now

Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 32.4%.

Buffer Overflow RCE Microsoft +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Office
NVD
EPSS 23% CVSS 7.8
HIGH PATCH Act Now

A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 22.8%.

Buffer Overflow RCE Microsoft +1
NVD
EPSS 26% CVSS 5.3
MEDIUM PATCH This Month

Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016;. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 25.7%.

Microsoft Information Disclosure Live Meeting +13
NVD
EPSS 8% CVSS 3.3
LOW PATCH Monitor

The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607,. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Live Meeting +13
NVD
EPSS 23% CVSS 7.8
HIGH PATCH Act Now

Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 22.8%.

Buffer Overflow RCE Microsoft +1
NVD
EPSS 3% CVSS 7.8
HIGH This Week

Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Synology Microsoft Command Injection +2
NVD
EPSS 31% CVSS 7.8
HIGH PATCH Act Now

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 31.3%.

Buffer Overflow RCE Microsoft +6
NVD
EPSS 34% CVSS 7.8
HIGH PATCH Act Now

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 34.0%.

Buffer Overflow RCE Microsoft +3
NVD
EPSS 10% CVSS 5.4
MEDIUM POC PATCH This Month

A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS RCE Office
NVD Exploit-DB
EPSS 20% CVSS 6.5
MEDIUM PATCH This Month

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.8%.

Microsoft Information Disclosure Office +2
NVD
EPSS 24% CVSS 6.5
MEDIUM PATCH This Month

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 24.5%.

Microsoft Information Disclosure Office +7
NVD
EPSS 22% CVSS 6.5
MEDIUM PATCH This Month

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.6%.

Microsoft Information Disclosure Office +7
NVD
EPSS 20% CVSS 6.5
MEDIUM PATCH This Month

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.8%.

Microsoft Information Disclosure Office +7
NVD
EPSS 27% CVSS 8.8
HIGH PATCH Act Now

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 26.8%.

Buffer Overflow RCE Microsoft +6
NVD
EPSS 29% CVSS 8.8
HIGH PATCH Act Now

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 28.8%.

Buffer Overflow RCE Microsoft +11
NVD
EPSS 9% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Office +5
NVD
EPSS 6% CVSS 7.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Office +5
NVD
EPSS 36% CVSS 8.8
HIGH PATCH Act Now

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 36.4%.

RCE Microsoft Excel +2
NVD
EPSS 6% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Office +7
NVD
EPSS 8% CVSS 5.0
MEDIUM POC PATCH This Month

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Office +7
NVD Exploit-DB
EPSS 11% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 10.6%.

Microsoft Information Disclosure Office +7
NVD Exploit-DB
EPSS 9% CVSS 5.0
MEDIUM POC PATCH This Month

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Office +7
NVD Exploit-DB
EPSS 11% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 10.6%.

Microsoft Information Disclosure Office +2
NVD Exploit-DB
EPSS 11% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 11.4%.

Microsoft Information Disclosure Office +8
NVD Exploit-DB
EPSS 11% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 11.4%.

Microsoft Information Disclosure Office +7
NVD Exploit-DB
EPSS 56% 4.9 CVSS 8.8
HIGH POC PATCH THREAT Act Now

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 56.0%.

RCE Microsoft Lync +10
NVD Exploit-DB
EPSS 13% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Microsoft Information Disclosure Office +7
NVD Exploit-DB
EPSS 28% CVSS 7.8
HIGH PATCH Act Now

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 28.4%.

RCE Microsoft Office +2
NVD
EPSS 43% CVSS 7.8
HIGH PATCH Act Now

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 43.3%.

RCE Microsoft Office +7
NVD
EPSS 33% CVSS 7.8
HIGH PATCH Act Now

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 32.6%.

Buffer Overflow RCE Microsoft +7
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Office
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Office
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Office
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Office
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Code Injection Office
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Office
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
EPSS 37% 4.2 CVSS 7.8
HIGH POC PATCH THREAT Act Now

The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 36.7%.

Buffer Overflow RCE Microsoft +9
NVD Exploit-DB
EPSS 43% CVSS 5.5
MEDIUM PATCH This Month

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 43.2%.

Microsoft Information Disclosure Office +6
NVD
EPSS 9% CVSS 4.3
MEDIUM PATCH This Month

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Live Meeting +13
NVD
EPSS 3% CVSS 5.5
MEDIUM POC PATCH This Month

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Live Meeting +13
NVD Exploit-DB
EPSS 23% CVSS 7.8
HIGH PATCH Act Now

Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 23.5%.

Buffer Overflow RCE Microsoft +5
NVD
EPSS 22% CVSS 7.8
HIGH PATCH Act Now

Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 21.9%.

Buffer Overflow RCE Microsoft +4
NVD
EPSS 28% CVSS 7.8
HIGH PATCH Act Now

Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 28.1%.

Buffer Overflow RCE Microsoft +6
NVD
EPSS 23% CVSS 5.5
MEDIUM PATCH This Month

Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 22.6%.

Denial Of Service Microsoft Office +1
NVD
EPSS 24% CVSS 7.5
HIGH PATCH Act Now

The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607;. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 23.8%.

RCE Microsoft Office +7
NVD
EPSS 19% CVSS 7.8
HIGH Act Now

Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 18.9% and no vendor patch available.

Denial Of Service RCE Buffer Overflow +3
NVD
EPSS 11% CVSS 7.1
HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 10.9% and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow +8
NVD
EPSS 11% CVSS 7.1
HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 10.9% and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow +8
NVD
EPSS 5% CVSS 9.6
CRITICAL Act Now

Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow +2
NVD
EPSS 9% CVSS 7.1
HIGH This Week

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow +3
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Office
NVD
EPSS 11% CVSS 7.1
HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 10.9% and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow +8
NVD
EPSS 30% CVSS 7.8
HIGH Act Now

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.0% and no vendor patch available.

RCE Buffer Overflow Microsoft +1
NVD
EPSS 17% CVSS 5.5
MEDIUM This Month

Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability.". Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 16.7% and no vendor patch available.

Microsoft Denial Of Service Authentication Bypass +1
NVD
EPSS 30% CVSS 7.8
HIGH Act Now

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.0% and no vendor patch available.

RCE Buffer Overflow Microsoft +5
NVD
EPSS 48% CVSS 7.8
HIGH Act Now

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 48.4% and no vendor patch available.

RCE Buffer Overflow Microsoft +7
NVD
EPSS 15% CVSS 6.5
MEDIUM This Month

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.6% and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure +10
NVD
EPSS 41% CVSS 7.8
HIGH Act Now

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 40.6% and no vendor patch available.

RCE Buffer Overflow Microsoft +4
NVD
EPSS 41% 4.7 CVSS 9.8
CRITICAL POC THREAT Emergency

The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 41.5%.

RCE Microsoft Live Meeting +11
NVD Exploit-DB
EPSS 32% CVSS 7.8
HIGH Act Now

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 32.4% and no vendor patch available.

RCE Privilege Escalation Microsoft +12
NVD
EPSS 19% CVSS 5.5
MEDIUM This Month

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.1% and no vendor patch available.

Information Disclosure Microsoft Live Meeting +11
NVD
EPSS 19% CVSS 5.5
MEDIUM This Month

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.1% and no vendor patch available.

Information Disclosure Microsoft Live Meeting +11
NVD
EPSS 19% CVSS 5.5
MEDIUM POC THREAT This Month

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.2%.

Information Disclosure Microsoft Net Framework +13
NVD Exploit-DB
EPSS 32% 4.0 CVSS 7.8
HIGH POC THREAT Act Now

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 32.4%.

RCE Buffer Overflow Microsoft +6
NVD Exploit-DB
EPSS 8% CVSS 6.5
MEDIUM This Month

The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Office
NVD
EPSS 7% CVSS 3.3
LOW Monitor

The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass.". Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Office
NVD
EPSS 30% CVSS 7.8
HIGH Act Now

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted file, aka "Graphics Component Memory Corruption Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.0% and no vendor patch available.

RCE Buffer Overflow Microsoft +1
NVD
EPSS 30% CVSS 7.8
HIGH Act Now

Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac 2011, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.0% and no vendor patch available.

RCE Buffer Overflow Microsoft +4
NVD
Prev Page 7 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy