Vulnerabilities > Microsoft > Office > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-09-12 CVE-2023-36765 Unspecified vulnerability in Microsoft Office 2019
Microsoft Office Elevation of Privilege Vulnerability
network
low complexity
microsoft
critical
 9.8
9.8
2023-03-14 CVE-2023-23397 Authentication Bypass by Capture-replay vulnerability in Microsoft products
Microsoft Outlook Elevation of Privilege Vulnerability
network
low complexity
microsoft CWE-294
critical
 9.8
9.8
2023-02-14 CVE-2023-21716 Unspecified vulnerability in Microsoft products
Microsoft Word Remote Code Execution Vulnerability
network
low complexity
microsoft
critical
 9.8
9.8
2021-12-15 CVE-2021-43905 Unspecified vulnerability in Microsoft Office
Microsoft Office app Remote Code Execution Vulnerability
network
low complexity
microsoft
critical
 9.6
9.6
2020-05-21 CVE-2020-0901 Unspecified vulnerability in Microsoft 365 Apps and Office
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
network
low complexity
microsoft
critical
 9.8
9.8
2019-11-12 CVE-2019-1449 Unspecified vulnerability in Microsoft Office and Office 365 Proplus
A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would have to run a specially crafted file, aka 'Microsoft Office ClickToRun Security Feature Bypass Vulnerability'.
network
low complexity
microsoft
critical
 9.8
9.8
2019-07-15 CVE-2019-1109 Improper Input Validation vulnerability in Microsoft Office and Office 365
A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages., aka 'Microsoft Office Spoofing Vulnerability'.
network
low complexity
microsoft CWE-20
critical
 9.1
9.1
2016-12-20 CVE-2016-7277 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office 2016
Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
network
low complexity
microsoft CWE-119
critical
 9.6
9.6
2016-10-14 CVE-2016-7182 Improper Input Validation vulnerability in Microsoft products
The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka "True Type Font Parsing Elevation of Privilege Vulnerability."
network
low complexity
microsoft CWE-20
critical
 9.8
9.8
2008-01-16 CVE-2008-0081 Use of Uninitialized Resource vulnerability in Microsoft Excel, Excel Viewer and Office
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
network
low complexity
microsoft CWE-908
critical
 9.8
9.8