Office

office

Vendor: Microsoft • 1,032 CVEs

CVEs (1,032)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-1201 1Microsoft 5Biztalk Server Commerce ServerInternet Security And Acceleration Server+2 more Apr 23, 2026 Mar 11, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, a...Show more Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."Show less
CVE-2008-0103 1Microsoft 1Office Apr 23, 2026 Feb 13, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, r...Show more Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."Show less
CVE-2008-0109 1Microsoft 2Office Word Apr 23, 2026 Feb 12, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which t...Show more Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.Show less
CVE-2008-0108 1Microsoft 2Office Works Apr 23, 2026 Feb 12, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with...Show more Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."Show less
CVE-2008-0105 1Microsoft 2Office Works Apr 23, 2026 Feb 12, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information...Show more Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."Show less
CVE-2008-0104 1Microsoft 2Office Publisher Apr 23, 2026 Feb 12, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
CVE-2007-0216 1Microsoft 2Office Works Apr 23, 2026 Feb 12, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "M...Show more wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."Show less
CVE-2007-0065 1Microsoft 2Office Visual Basic Apr 23, 2026 Feb 12, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to...Show more Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.Show less
CVE-2008-0081 1Microsoft 3Excel Excel ViewerOffice Apr 23, 2026 Jan 16, 2008 N/A· v4 9.8 CRITICAL· v3 9.3 HIGH· v2 Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulne...Show more Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.Show less
CVE-2007-6329 1Microsoft 1Office Apr 23, 2026 Dec 13, 2007 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated...Show more Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.Show less
CVE-2007-6026 1Microsoft 6Jet OfficeWindows 2000+3 more Apr 23, 2026 Nov 20, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB...Show more Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.Show less
CVE-2007-3899 1Microsoft 2Office Word Apr 23, 2026 Oct 9, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corrupt...Show more Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."Show less
CVE-2007-3890 1Microsoft 2Excel Office Apr 23, 2026 Aug 14, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
CVE-2007-2224 1Microsoft 2Office Visual Basic Apr 23, 2026 Aug 14, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the s...Show more Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.Show less
CVE-2007-3029 1Microsoft 2Excel Office Apr 23, 2026 Jul 10, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory...Show more Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.Show less
CVE-2007-1756 1Microsoft 3Excel Excel ViewerOffice Apr 23, 2026 Jul 10, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel f...Show more Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".Show less
CVE-2007-3282 1Microsoft 2Office Office Msodatasourcecontrol Activex Apr 23, 2026 Jun 19, 2007 N/A· v4 N/A· v3 7.8 HIGH· v2 Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIf...Show more Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method.Show less
CVE-2007-0936 1Microsoft 2Office Visio Apr 23, 2026 Jun 12, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption,...Show more Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."Show less
CVE-2007-3109 1Microsoft 2Frontpage Office Apr 23, 2026 Jun 7, 2007 N/A· v4 N/A· v3 6.4 MEDIUM· v2 The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the P...Show more The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO.Show less
CVE-2007-2903 1Microsoft 1Office Apr 23, 2026 May 30, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe cras...Show more Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.Show less

Previous 1...474849...52 Next