Skip to main content

Office

747 CVEs product

Monthly

CVE-2016-3313 HIGH POC THREAT Act Now

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 50.3%.

RCE Buffer Overflow Microsoft Office Word For Mac +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
50.3%
Threat
4.6
CVE-2016-3304 HIGH POC THREAT Act Now

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

RCE Microsoft Live Meeting Lync Office +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
53.0%
Threat
4.6
CVE-2016-3303 HIGH POC THREAT Act Now

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

RCE Microsoft Live Meeting Lync Office +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
53.0%
Threat
4.6
CVE-2016-3301 HIGH POC THREAT Act Now

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.6%.

RCE Microsoft Live Meeting Lync Office +9
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
53.6%
Threat
4.7
CVE-2016-3282 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 54.6% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +8
NVD
CVSS 3.0
7.8
EPSS
54.6%
CVE-2016-3281 HIGH Act Now

Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 48.4% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Web Apps +4
NVD
CVSS 3.0
7.8
EPSS
48.4%
CVE-2016-3280 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.0% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +4
NVD
CVSS 3.0
7.8
EPSS
30.0%
CVE-2016-3279 MEDIUM This Month

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 34.4% and no vendor patch available.

RCE Microsoft Excel Excel Rt Office +6
NVD
CVSS 3.0
5.5
EPSS
34.4%
CVE-2016-3234 MEDIUM This Month

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 27.2% and no vendor patch available.

Information Disclosure Microsoft Office Office Compatibility Pack Office Web Apps +3
NVD
CVSS 3.0
5.5
EPSS
27.2%
CVE-2016-0025 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Epss exploitation probability 26.9% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +6
NVD
CVSS 3.0
7.3
EPSS
26.9%
CVE-2016-0198 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 24.1% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +3
NVD
CVSS 3.0
7.8
EPSS
24.1%
CVE-2016-0183 HIGH Act Now

The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 40.4% and no vendor patch available.

Microsoft RCE Authentication Bypass Office Office Web Apps +2
NVD
CVSS 3.0
8.8
EPSS
40.4%
CVE-2016-0140 HIGH Act Now

Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 36.0% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Web Apps +1
NVD
CVSS 3.0
7.8
EPSS
36.0%
CVE-2016-0126 HIGH Act Now

Microsoft Office 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.0% and no vendor patch available.

RCE Buffer Overflow Microsoft Office
NVD
CVSS 3.0
7.8
EPSS
30.0%
CVE-2016-0145 HIGH POC THREAT Act Now

The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 74.8%.

RCE Buffer Overflow Microsoft Net Framework Live Meeting +11
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
74.8%
Threat
5.5
CVE-2016-0127 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 29.9% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +4
NVD
CVSS 3.0
7.8
EPSS
29.9%
CVE-2016-0134 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 48.5% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +5
NVD
CVSS 3.0
7.8
EPSS
48.5%
CVE-2016-0057 HIGH This Week

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not properly sign an unspecified binary file, which allows local users to gain privileges via a Trojan horse file with a crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Office
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2016-1153 MEDIUM This Month

customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Office
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-1152 MEDIUM This Month

Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Office
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-1151 HIGH This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Microsoft Office
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-1150 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-1149 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2015-8489 MEDIUM This Month

customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Office
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2015-8488 MEDIUM This Month

Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Office
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2015-8487 MEDIUM This Month

Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Information Disclosure Microsoft Office
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2015-8486 MEDIUM This Month

Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Office
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-8485 MEDIUM This Month

Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Office
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-8484 MEDIUM This Month

Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Office
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-8483 HIGH This Week

Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Microsoft Office
NVD
CVSS 3.0
7.4
EPSS
0.3%
CVE-2015-7798 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2015-7797 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2015-7796 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2015-7795 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-0056 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 24.7% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +1
NVD
CVSS 3.0
7.8
EPSS
24.7%
CVE-2016-0055 HIGH Act Now

Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.3% and no vendor patch available.

RCE Buffer Overflow Microsoft Office
NVD
CVSS 3.0
7.8
EPSS
30.3%
CVE-2016-0053 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 31.2% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +4
NVD
CVSS 3.0
7.8
EPSS
31.2%
CVE-2016-0052 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 29.9% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +5
NVD
CVSS 3.0
7.8
EPSS
29.9%
CVE-2016-0012 MEDIUM This Month

Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.6% and no vendor patch available.

Information Disclosure Microsoft Excel Office Powerpoint +3
NVD
CVSS 3.0
4.3
EPSS
10.6%
CVE-2016-0010 HIGH Act Now

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, Excel 2016 for Mac, PowerPoint 2016 for. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 53.9% and no vendor patch available.

RCE Buffer Overflow Microsoft Excel For Mac Office +3
NVD
CVSS 3.0
7.8
EPSS
53.9%
CVE-2015-6172 CRITICAL Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 32.8% and no vendor patch available.

RCE Microsoft Office Office Compatibility Pack Word
NVD
CVSS 2.0
9.3
EPSS
32.8%
CVE-2015-6124 CRITICAL Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 37.5% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +1
NVD
CVSS 2.0
9.3
EPSS
37.5%
CVE-2015-6118 CRITICAL Emergency

Microsoft Office 2007 SP3 and Office 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 34.3% and no vendor patch available.

RCE Buffer Overflow Microsoft Office
NVD
CVSS 2.0
9.3
EPSS
34.3%
CVE-2015-6108 CRITICAL PATCH Act Now

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.4%.

RCE Buffer Overflow Microsoft Live Meeting Lync +13
NVD
CVSS 2.0
9.3
EPSS
44.4%
CVE-2015-6107 CRITICAL PATCH Act Now

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 49.4%.

RCE Buffer Overflow Microsoft Live Meeting Lync +12
NVD
CVSS 2.0
9.3
EPSS
49.4%
CVE-2015-6106 CRITICAL Emergency

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013 SP1, and Live Meeting. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.8% and no vendor patch available.

RCE Buffer Overflow Microsoft Live Meeting Lync +5
NVD
CVSS 2.0
9.3
EPSS
44.8%
CVE-2015-6093 CRITICAL Emergency

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Office. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 45.2% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Web Apps +2
NVD
CVSS 2.0
9.3
EPSS
45.2%
CVE-2015-6092 CRITICAL Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 31.3% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +2
NVD
CVSS 2.0
9.3
EPSS
31.3%
CVE-2015-6091 CRITICAL Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 31.3% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Word +1
NVD
CVSS 2.0
9.3
EPSS
31.3%
CVE-2015-2510 CRITICAL POC THREAT Emergency

Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 70.6%.

Adobe Buffer Overflow RCE Microsoft Live Meeting Console +4
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
70.6%
Threat
5.5
CVE-2015-2477 CRITICAL Emergency

Microsoft Office 2007 SP3, Office for Mac 2011, Office for Mac 2016, and Word Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 37.5% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Word Viewer
NVD
CVSS 2.0
9.3
EPSS
37.5%
CVE-2015-2470 CRITICAL POC THREAT Emergency

Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 66.8%.

RCE Microsoft Office Word Word Viewer
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
66.8%
Threat
5.4
CVE-2015-2469 CRITICAL POC THREAT Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office for Mac 2011 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 69.2%.

RCE Buffer Overflow Microsoft Office Word
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
69.2%
Threat
5.4
CVE-2015-2468 CRITICAL POC THREAT Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 71.8%.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +5
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
71.8%
Threat
5.5
CVE-2015-2467 CRITICAL POC THREAT Emergency

Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 69.2%.

RCE Buffer Overflow Microsoft Office
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
69.2%
Threat
5.4
CVE-2015-2466 CRITICAL Emergency

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted template, aka "Microsoft Office Remote Code Execution Vulnerability.". Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 39.1% and no vendor patch available.

RCE Microsoft Office
NVD
CVSS 2.0
9.3
EPSS
39.1%
CVE-2015-2464 CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 48.1%.

RCE Microsoft Net Framework Live Meeting Lync +11
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
48.1%
Threat
4.8
CVE-2015-2463 CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 38.6%.

RCE Microsoft Net Framework Live Meeting Lync +11
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
38.6%
Threat
4.5
CVE-2015-2456 CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 41.5%.

RCE Microsoft Net Framework Live Meeting Lync +12
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
41.5%
Threat
4.6
CVE-2015-2455 CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 53.2%.

RCE Microsoft Net Framework Live Meeting Lync +12
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
53.2%
Threat
5.0
CVE-2015-2435 CRITICAL PATCH Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 30.2%.

RCE Microsoft Net Framework Live Meeting Lync +12
NVD
CVSS 2.0
9.3
EPSS
30.2%
CVE-2015-2431 CRITICAL POC THREAT Emergency

Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 64.7%.

RCE Microsoft Live Meeting Lync Lync Basic +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
64.7%
Threat
5.3
CVE-2015-2423 MEDIUM PATCH This Month

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.9%.

Information Disclosure Microsoft Excel Office Powerpoint +12
NVD
CVSS 2.0
4.3
EPSS
14.9%
CVE-2015-2380 CRITICAL Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, and Word 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 31.3% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Office +1
NVD
CVSS 2.0
9.3
EPSS
31.3%
CVE-2015-2379 CRITICAL Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 31.3% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Office +2
NVD
CVSS 2.0
9.3
EPSS
31.3%
CVE-2015-2376 CRITICAL Emergency

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 37.5% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Excel +4
NVD
CVSS 2.0
9.3
EPSS
37.5%
CVE-2015-1760 CRITICAL Emergency

Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 35.9% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack
NVD
CVSS 2.0
9.3
EPSS
35.9%
CVE-2015-1683 CRITICAL Emergency

Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 37.5% and no vendor patch available.

RCE Buffer Overflow Microsoft Office
NVD
CVSS 2.0
9.3
EPSS
37.5%
CVE-2015-1682 CRITICAL Emergency

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 36.7% and no vendor patch available.

RCE Buffer Overflow Microsoft Excel Excel Web App +7
NVD
CVSS 2.0
9.3
EPSS
36.7%
CVE-2015-1650 CRITICAL Emergency

Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 60.8% and no vendor patch available.

RCE Denial Of Service Microsoft Office Office Compatibility Pack +4
NVD
CVSS 2.0
9.3
EPSS
60.8%
CVE-2015-1649 CRITICAL Emergency

Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 54.8% and no vendor patch available.

RCE Denial Of Service Microsoft Office Office Compatibility Pack +4
NVD
CVSS 2.0
9.3
EPSS
54.8%
CVE-2015-1639 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Outlook App for Mac. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Office
NVD
CVSS 2.0
4.3
EPSS
6.9%
CVE-2015-0086 CRITICAL Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold and SP1, Word 2013 RT Gold and SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 38.2% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Office +6
NVD
CVSS 2.0
9.3
EPSS
38.2%
CVE-2015-0085 CRITICAL Emergency

Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 46.3% and no vendor patch available.

RCE Denial Of Service Microsoft Excel Excel Viewer +9
NVD
CVSS 2.0
9.3
EPSS
46.3%
CVE-2015-0064 CRITICAL POC THREAT Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 71.2%.

Denial Of Service RCE Buffer Overflow Microsoft Web Applications +6
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
71.2%
Threat
5.5
CVE-2015-0063 CRITICAL PATCH Act Now

Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 34.1%.

Denial Of Service RCE Buffer Overflow Microsoft Office Compatibility Pack +3
NVD
CVSS 2.0
9.3
EPSS
34.1%
CVE-2014-6362 MEDIUM This Month

Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, and 2013 Gold and SP1 allows remote attackers to bypass the ASLR protection mechanism via a crafted document, aka "Microsoft. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 32.3% and no vendor patch available.

Denial Of Service Microsoft Office
NVD
CVSS 2.0
4.3
EPSS
32.3%
CVE-2014-6364 CRITICAL Emergency

Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; 2013 Gold, SP1, and SP2; and 2013 RT Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 31.7% and no vendor patch available.

RCE Denial Of Service Microsoft Office
NVD
CVSS 2.0
9.3
EPSS
31.7%
CVE-2014-6357 CRITICAL Emergency

Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 Gold and SP1, Office 2013 RT Gold and SP1, Office for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 48.0% and no vendor patch available.

RCE Denial Of Service Microsoft Office Office Compatibility Pack +3
NVD
CVSS 2.0
9.3
EPSS
48.0%
CVE-2014-5314 CRITICAL Act Now

Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Microsoft Office Dezie +1
NVD
CVSS 2.0
9.0
EPSS
5.1%
CVE-2014-4117 CRITICAL Emergency

Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 32.0% and no vendor patch available.

RCE Microsoft Office Office Compatibility Pack Sharepoint Server +2
NVD
CVSS 2.0
9.3
EPSS
32.0%
CVE-2014-1809 MEDIUM This Month

The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft Office
NVD
CVSS 2.0
6.8
EPSS
10.0%
CVE-2014-1808 MEDIUM This Month

Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote attackers to obtain sensitive token information via a web site that sends a crafted response during opening of an Office document, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.7% and no vendor patch available.

Information Disclosure Microsoft Office
NVD
CVSS 2.0
4.3
EPSS
14.7%
CVE-2014-1756 CRITICAL Act Now

Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1, when the Simplified Chinese Proofing Tool is enabled, allows local users to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 20.1% and no vendor patch available.

Information Disclosure Microsoft Office
NVD
CVSS 2.0
9.3
EPSS
20.1%
CVE-2014-2730 MEDIUM This Month

The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013, and Office for Mac 2011, does not properly detect recursion during entity expansion, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Office
NVD VulDB
CVSS 2.0
5.0
EPSS
9.3%
CVE-2013-5057 MEDIUM POC THREAT This Month

hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.8%.

Privilege Escalation Microsoft RCE Office
NVD
CVSS 2.0
4.3
EPSS
14.8%
CVE-2013-5054 MEDIUM POC THREAT This Month

Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.4%.

Information Disclosure Microsoft Office Office 2013 Rt
NVD
CVSS 2.0
4.3
EPSS
11.4%
CVE-2013-1325 CRITICAL Emergency

Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Heap Overwrite. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 57.2% and no vendor patch available.

Buffer Overflow Microsoft RCE Office
NVD
CVSS 2.0
9.3
EPSS
57.2%
CVE-2013-1324 CRITICAL Emergency

Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 57.2% and no vendor patch available.

Buffer Overflow Microsoft RCE Office Office 2013 Rt
NVD
CVSS 2.0
9.3
EPSS
57.2%
CVE-2013-0082 CRITICAL Emergency

Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "WPD File Format Memory Corruption Vulnerability.". Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 53.2% and no vendor patch available.

Buffer Overflow Microsoft RCE Office
NVD
CVSS 2.0
9.3
EPSS
53.2%
EPSS 50% 4.6 CVSS 7.8
HIGH POC THREAT Act Now

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 50.3%.

RCE Buffer Overflow Microsoft +3
NVD Exploit-DB
EPSS 53% 4.6 CVSS 7.8
HIGH POC THREAT Act Now

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

RCE Microsoft Live Meeting +7
NVD Exploit-DB
EPSS 53% 4.6 CVSS 7.8
HIGH POC THREAT Act Now

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

RCE Microsoft Live Meeting +7
NVD Exploit-DB
EPSS 54% 4.7 CVSS 7.8
HIGH POC THREAT Act Now

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.6%.

RCE Microsoft Live Meeting +11
NVD Exploit-DB
EPSS 55% CVSS 7.8
HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 54.6% and no vendor patch available.

RCE Buffer Overflow Microsoft +10
NVD
EPSS 48% CVSS 7.8
HIGH Act Now

Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 48.4% and no vendor patch available.

RCE Buffer Overflow Microsoft +6
NVD
EPSS 30% CVSS 7.8
HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.0% and no vendor patch available.

RCE Buffer Overflow Microsoft +6
NVD
EPSS 34% CVSS 5.5
MEDIUM This Month

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 34.4% and no vendor patch available.

RCE Microsoft Excel +8
NVD
EPSS 27% CVSS 5.5
MEDIUM This Month

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 27.2% and no vendor patch available.

Information Disclosure Microsoft Office +5
NVD
EPSS 27% CVSS 7.3
HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Epss exploitation probability 26.9% and no vendor patch available.

RCE Buffer Overflow Microsoft +8
NVD
EPSS 24% CVSS 7.8
HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 24.1% and no vendor patch available.

RCE Buffer Overflow Microsoft +5
NVD
EPSS 40% CVSS 8.8
HIGH Act Now

The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 40.4% and no vendor patch available.

Microsoft RCE Authentication Bypass +4
NVD
EPSS 36% CVSS 7.8
HIGH Act Now

Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 36.0% and no vendor patch available.

RCE Buffer Overflow Microsoft +3
NVD
EPSS 30% CVSS 7.8
HIGH Act Now

Microsoft Office 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.0% and no vendor patch available.

RCE Buffer Overflow Microsoft +1
NVD
EPSS 75% 5.5 CVSS 8.8
HIGH POC THREAT Act Now

The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 74.8%.

RCE Buffer Overflow Microsoft +13
NVD Exploit-DB
EPSS 30% CVSS 7.8
HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 29.9% and no vendor patch available.

RCE Buffer Overflow Microsoft +6
NVD
EPSS 49% CVSS 7.8
HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 48.5% and no vendor patch available.

RCE Buffer Overflow Microsoft +7
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not properly sign an unspecified binary file, which allows local users to gain privileges via a Trojan horse file with a crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Office
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Office
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Office
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Microsoft Office
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Office
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Office
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Information Disclosure Microsoft +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Office
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Office
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Office
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Microsoft Office
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Office
NVD
EPSS 25% CVSS 7.8
HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 24.7% and no vendor patch available.

RCE Buffer Overflow Microsoft +3
NVD
EPSS 30% CVSS 7.8
HIGH Act Now

Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.3% and no vendor patch available.

RCE Buffer Overflow Microsoft +1
NVD
EPSS 31% CVSS 7.8
HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 31.2% and no vendor patch available.

RCE Buffer Overflow Microsoft +6
NVD
EPSS 30% CVSS 7.8
HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 29.9% and no vendor patch available.

RCE Buffer Overflow Microsoft +7
NVD
EPSS 11% CVSS 4.3
MEDIUM This Month

Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.6% and no vendor patch available.

Information Disclosure Microsoft Excel +5
NVD
EPSS 54% CVSS 7.8
HIGH Act Now

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, Excel 2016 for Mac, PowerPoint 2016 for. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 53.9% and no vendor patch available.

RCE Buffer Overflow Microsoft +5
NVD
EPSS 33% CVSS 9.3
CRITICAL Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 32.8% and no vendor patch available.

RCE Microsoft Office +2
NVD
EPSS 38% CVSS 9.3
CRITICAL Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 37.5% and no vendor patch available.

RCE Buffer Overflow Microsoft +3
NVD
EPSS 34% CVSS 9.3
CRITICAL Emergency

Microsoft Office 2007 SP3 and Office 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 34.3% and no vendor patch available.

RCE Buffer Overflow Microsoft +1
NVD
EPSS 44% CVSS 9.3
CRITICAL PATCH Act Now

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.4%.

RCE Buffer Overflow Microsoft +15
NVD
EPSS 49% CVSS 9.3
CRITICAL PATCH Act Now

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 49.4%.

RCE Buffer Overflow Microsoft +14
NVD
EPSS 45% CVSS 9.3
CRITICAL Emergency

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013 SP1, and Live Meeting. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.8% and no vendor patch available.

RCE Buffer Overflow Microsoft +7
NVD
EPSS 45% CVSS 9.3
CRITICAL Emergency

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Office. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 45.2% and no vendor patch available.

RCE Buffer Overflow Microsoft +4
NVD
EPSS 31% CVSS 9.3
CRITICAL Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 31.3% and no vendor patch available.

RCE Buffer Overflow Microsoft +4
NVD
EPSS 31% CVSS 9.3
CRITICAL Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 31.3% and no vendor patch available.

RCE Buffer Overflow Microsoft +3
NVD
EPSS 71% 5.5 CVSS 9.3
CRITICAL POC THREAT Emergency

Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 70.6%.

Adobe Buffer Overflow RCE +6
NVD Exploit-DB
EPSS 38% CVSS 9.3
CRITICAL Emergency

Microsoft Office 2007 SP3, Office for Mac 2011, Office for Mac 2016, and Word Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 37.5% and no vendor patch available.

RCE Buffer Overflow Microsoft +2
NVD
EPSS 67% 5.4 CVSS 9.3
CRITICAL POC THREAT Emergency

Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 66.8%.

RCE Microsoft Office +2
NVD Exploit-DB
EPSS 69% 5.4 CVSS 9.3
CRITICAL POC THREAT Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office for Mac 2011 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 69.2%.

RCE Buffer Overflow Microsoft +2
NVD Exploit-DB
EPSS 72% 5.5 CVSS 9.3
CRITICAL POC THREAT Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 71.8%.

RCE Buffer Overflow Microsoft +7
NVD Exploit-DB
EPSS 69% 5.4 CVSS 9.3
CRITICAL POC THREAT Emergency

Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 69.2%.

RCE Buffer Overflow Microsoft +1
NVD Exploit-DB
EPSS 39% CVSS 9.3
CRITICAL Emergency

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted template, aka "Microsoft Office Remote Code Execution Vulnerability.". Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 39.1% and no vendor patch available.

RCE Microsoft Office
NVD
EPSS 48% 4.8 CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 48.1%.

RCE Microsoft Net Framework +13
NVD Exploit-DB
EPSS 39% 4.5 CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 38.6%.

RCE Microsoft Net Framework +13
NVD Exploit-DB
EPSS 42% 4.6 CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 41.5%.

RCE Microsoft Net Framework +14
NVD Exploit-DB
EPSS 53% 5.0 CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 53.2%.

RCE Microsoft Net Framework +14
NVD Exploit-DB
EPSS 30% CVSS 9.3
CRITICAL PATCH Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 30.2%.

RCE Microsoft Net Framework +14
NVD
EPSS 65% 5.3 CVSS 9.3
CRITICAL POC THREAT Emergency

Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 64.7%.

RCE Microsoft Live Meeting +3
NVD Exploit-DB
EPSS 15% CVSS 4.3
MEDIUM PATCH This Month

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.9%.

Information Disclosure Microsoft Excel +14
NVD
EPSS 31% CVSS 9.3
CRITICAL Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, and Word 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 31.3% and no vendor patch available.

Denial Of Service RCE Buffer Overflow +3
NVD
EPSS 31% CVSS 9.3
CRITICAL Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 31.3% and no vendor patch available.

Denial Of Service RCE Buffer Overflow +4
NVD
EPSS 38% CVSS 9.3
CRITICAL Emergency

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 37.5% and no vendor patch available.

Denial Of Service RCE Buffer Overflow +6
NVD
EPSS 36% CVSS 9.3
CRITICAL Emergency

Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 35.9% and no vendor patch available.

RCE Buffer Overflow Microsoft +2
NVD
EPSS 38% CVSS 9.3
CRITICAL Emergency

Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 37.5% and no vendor patch available.

RCE Buffer Overflow Microsoft +1
NVD
EPSS 37% CVSS 9.3
CRITICAL Emergency

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 36.7% and no vendor patch available.

RCE Buffer Overflow Microsoft +9
NVD
EPSS 61% CVSS 9.3
CRITICAL Emergency

Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 60.8% and no vendor patch available.

RCE Denial Of Service Microsoft +6
NVD
EPSS 55% CVSS 9.3
CRITICAL Emergency

Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 54.8% and no vendor patch available.

RCE Denial Of Service Microsoft +6
NVD
EPSS 7% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Outlook App for Mac. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Office
NVD
EPSS 38% CVSS 9.3
CRITICAL Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold and SP1, Word 2013 RT Gold and SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 38.2% and no vendor patch available.

Denial Of Service RCE Buffer Overflow +8
NVD
EPSS 46% CVSS 9.3
CRITICAL Emergency

Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 46.3% and no vendor patch available.

RCE Denial Of Service Microsoft +11
NVD
EPSS 71% 5.5 CVSS 9.3
CRITICAL POC THREAT Emergency

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 71.2%.

Denial Of Service RCE Buffer Overflow +8
NVD Exploit-DB
EPSS 34% CVSS 9.3
CRITICAL PATCH Act Now

Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 34.1%.

Denial Of Service RCE Buffer Overflow +5
NVD
EPSS 32% CVSS 4.3
MEDIUM This Month

Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, and 2013 Gold and SP1 allows remote attackers to bypass the ASLR protection mechanism via a crafted document, aka "Microsoft. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 32.3% and no vendor patch available.

Denial Of Service Microsoft Office
NVD
EPSS 32% CVSS 9.3
CRITICAL Emergency

Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; 2013 Gold, SP1, and SP2; and 2013 RT Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 31.7% and no vendor patch available.

RCE Denial Of Service Microsoft +1
NVD
EPSS 48% CVSS 9.3
CRITICAL Emergency

Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 Gold and SP1, Office 2013 RT Gold and SP1, Office for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 48.0% and no vendor patch available.

RCE Denial Of Service Microsoft +5
NVD
EPSS 5% CVSS 9.0
CRITICAL Act Now

Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Microsoft +3
NVD
EPSS 32% CVSS 9.3
CRITICAL Emergency

Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 32.0% and no vendor patch available.

RCE Microsoft Office +4
NVD
EPSS 10% CVSS 6.8
MEDIUM This Month

The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft Office
NVD
EPSS 15% CVSS 4.3
MEDIUM This Month

Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote attackers to obtain sensitive token information via a web site that sends a crafted response during opening of an Office document, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.7% and no vendor patch available.

Information Disclosure Microsoft Office
NVD
EPSS 20% CVSS 9.3
CRITICAL Act Now

Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1, when the Simplified Chinese Proofing Tool is enabled, allows local users to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 20.1% and no vendor patch available.

Information Disclosure Microsoft Office
NVD
EPSS 9% CVSS 5.0
MEDIUM This Month

The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013, and Office for Mac 2011, does not properly detect recursion during entity expansion, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Office
NVD VulDB
EPSS 15% CVSS 4.3
MEDIUM POC THREAT This Month

hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.8%.

Privilege Escalation Microsoft RCE +1
NVD
EPSS 11% CVSS 4.3
MEDIUM POC THREAT This Month

Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.4%.

Information Disclosure Microsoft Office +1
NVD
EPSS 57% CVSS 9.3
CRITICAL Emergency

Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Heap Overwrite. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 57.2% and no vendor patch available.

Buffer Overflow Microsoft RCE +1
NVD
EPSS 57% CVSS 9.3
CRITICAL Emergency

Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 57.2% and no vendor patch available.

Buffer Overflow Microsoft RCE +2
NVD
EPSS 53% CVSS 9.3
CRITICAL Emergency

Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "WPD File Format Memory Corruption Vulnerability.". Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 53.2% and no vendor patch available.

Buffer Overflow Microsoft RCE +1
NVD
Prev Page 8 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy