Vulnerabilities > Microsoft > Excel > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-12 | CVE-2018-1029 | Unspecified vulnerability in Microsoft Excel, Excel Viewer and Office Compatibility Pack A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. | 7.8 |
2018-04-12 | CVE-2018-1027 | Unspecified vulnerability in Microsoft Excel and Office Compatibility Pack A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel, Microsoft Office. | 7.8 |
2017-11-15 | CVE-2017-11878 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Excel, Excel Viewer and Office Compatibility Pack Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability". | 7.8 |
2017-09-13 | CVE-2017-8631 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". | 7.8 |
2016-09-14 | CVE-2016-3363 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Excel, Excel Viewer and Office Compatibility Pack Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3381. | 7.8 |
2010-03-10 | CVE-2010-0258 | Type Confusion vulnerability in Microsoft products Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability." | 7.8 |
2008-07-07 | CVE-2008-3068 | Remote Information Disclosure vulnerability in Microsoft Crypto API X.509 Certificate Validation Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. | 7.5 |
2007-07-10 | CVE-2007-3030 | Remote Code Execution vulnerability in Microsoft Excel Workspace Designation Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability". | 7.6 |
2007-06-29 | CVE-2007-3490 | Remote Denial Of Service vulnerability in Microsoft Excel 2003 Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls. | 7.5 |
2007-05-08 | CVE-2007-0215 | Remote Code Execution vulnerability in Microsoft Excel, Excel Viewer and Office Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption. | 7.6 |