Vulnerabilities > Microsoft > Office WEB Apps > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-16 | CVE-2020-16931 | Use of Uninitialized Resource vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. | 7.8 |
| 2020-10-16 | CVE-2020-16929 | Use After Free vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. | 7.8 |
| 2020-09-11 | CVE-2020-1335 | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. | 7.8 |
| 2020-09-11 | CVE-2020-1218 | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. | 7.8 |
| 2020-08-17 | CVE-2020-1583 | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. | 8.8 |
| 2019-08-14 | CVE-2019-1201 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. | 7.8 |
| 2017-09-13 | CVE-2017-8696 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka "Microsoft Graphics Component Remote Code Execution." | 7.6 |
| 2017-09-13 | CVE-2017-8631 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". | 7.8 |
| 2015-04-14 | CVE-2015-1641 | Out-of-bounds Write vulnerability in Microsoft products Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability." | 7.8 |
| 2014-03-25 | CVE-2014-1761 | Out-of-bounds Write vulnerability in Microsoft products Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014. | 7.8 |