Vulnerabilities > Microsoft > Word Automation Services > High

DATE CVE VULNERABILITY TITLE RISK
2019-01-08 CVE-2019-0585 Unspecified vulnerability in Microsoft products
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word, Microsoft SharePoint Server.
network
low complexity
microsoft
8.8
8.8
2018-04-12 CVE-2018-1028 Code Injection vulnerability in Microsoft products
A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.
network
low complexity
microsoft CWE-94
8.8
8.8
2017-06-15 CVE-2017-8512 Unspecified vulnerability in Microsoft products
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability".
network
low complexity
microsoft
8.8
8.8
2016-12-20 CVE-2016-7291 Out-of-bounds Read vulnerability in Microsoft products
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7290.
local
low complexity
microsoft CWE-125
7.1
7.1
2016-12-20 CVE-2016-7290 Out-of-bounds Read vulnerability in Microsoft products
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7291.
local
low complexity
microsoft CWE-125
7.1
7.1