Vulnerabilities > Microsoft > Office > Low

DATE CVE VULNERABILITY TITLE RISK
2023-05-09 CVE-2023-29333 Unspecified vulnerability in Microsoft 365 Apps and Office
Microsoft Access Denial of Service Vulnerability
local
low complexity
microsoft
3.3
3.3
2022-10-11 CVE-2022-41043 Unspecified vulnerability in Microsoft Office and Office Long Term Servicing Channel
Microsoft Office Information Disclosure Vulnerability
local
low complexity
microsoft
3.3
3.3
2020-11-11 CVE-2020-17020 Unspecified vulnerability in Microsoft 365 Apps, Office and Word
Microsoft Word Security Feature Bypass Vulnerability
local
low complexity
microsoft
3.3
3.3
2018-03-14 CVE-2018-0919 Use of Uninitialized Resource vulnerability in Microsoft products
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka "Microsoft Office Information Disclosure Vulnerability".
local
low complexity
microsoft CWE-908
3.3
3.3
2018-02-15 CVE-2018-0853 Improper Initialization vulnerability in Microsoft Office 2010/2013/2016
Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure Vulnerability".
local
low complexity
microsoft CWE-665
3.3
3.3
2017-09-13 CVE-2017-8676 Information Exposure vulnerability in Microsoft products
The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability."
local
low complexity
microsoft CWE-200
3.3
3.3
2016-09-14 CVE-2016-0137 7PK - Security Features vulnerability in Microsoft Office 2013/2016
The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass."
local
low complexity
microsoft CWE-254
3.3
3.3