Excel

excel

Vendor: Microsoft • 405 CVEs

CVEs (405)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2006-1302 1Microsoft 2Excel Excel Viewer Apr 16, 2026 Jul 13, 2006 N/A· v4 N/A· v3 9.3 HIGH· v2 Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malf...Show more Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."Show less
CVE-2006-3431 1Microsoft 1Excel Apr 16, 2026 Jul 7, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user att...Show more Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.Show less
CVE-2006-3014 1Microsoft 1Excel Apr 16, 2026 Jun 22, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically...Show more Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.Show less
CVE-2006-3059 1Microsoft 2Excel Excel Viewer Apr 16, 2026 Jun 17, 2006 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
CVE-2006-0030 1Microsoft 2Excel Office Apr 16, 2026 Mar 14, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, whi...Show more Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.Show less
CVE-2006-0029 1Microsoft 2Excel Office Apr 16, 2026 Mar 14, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description,...Show more Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.Show less
CVE-2006-0028 1Microsoft 2Excel Office Apr 16, 2026 Mar 14, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malfo...Show more Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.Show less
CVE-2005-4131 1Microsoft 1Excel Apr 16, 2026 Dec 9, 2005 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which...Show more Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.Show less
CVE-2004-0846 1Microsoft 2Excel Office Apr 16, 2026 Nov 3, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
CVE-2004-0200 1Microsoft 23.net Framework Digital Image ProDigital Image Suite+20 more Apr 16, 2026 Sep 28, 2004 N/A· v4 N/A· v3 9.3 HIGH· v2 Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM fiel...Show more Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Show less
CVE-2002-1143 1Microsoft 2Excel Word Apr 16, 2026 Apr 11, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDET...Show more Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."Show less
CVE-2002-0618 1Microsoft 2Excel Office Apr 16, 2026 Aug 12, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet,...Show more The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".Show less
CVE-2002-0617 1Microsoft 2Excel Office Apr 16, 2026 Aug 12, 2002 N/A· v4 N/A· v3 5.1 MEDIUM· v2 The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containi...Show more The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."Show less
CVE-2002-0616 1Microsoft 2Excel Office Apr 16, 2026 Aug 12, 2002 N/A· v4 N/A· v3 5.1 MEDIUM· v2 The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability...Show more The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."Show less
CVE-2002-0615 1Microsoft 2Excel Office Apr 16, 2026 Jul 3, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Me...Show more The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".Show less
CVE-2002-0152 1Microsoft 6Entourage ExcelIe+3 more Apr 16, 2026 Apr 22, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters...Show more Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.Show less
CVE-2001-0718 1Microsoft 2Excel Powerpoint Apr 16, 2026 Oct 30, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the documen...Show more Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.Show less
CVE-2000-0765 1Microsoft 3Excel PowerpointWord Apr 16, 2026 Oct 20, 2000 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
CVE-2000-0637 1Microsoft 1Excel Apr 16, 2026 Jul 26, 2000 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
CVE-2000-0597 1Microsoft 2Excel Powerpoint Apr 16, 2026 Jun 27, 2000 N/A· v4 N/A· v3 7.5 HIGH· v2 Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the...Show more Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.Show less

Previous 1...17 18 192021 Next