Search Results (1330 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0009 1 Microsoft 2 Office, Works 2026-04-16 N/A
Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
CVE-2004-0846 1 Microsoft 2 Excel, Office 2026-04-16 N/A
Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
CVE-2000-0854 1 Microsoft 1 Office 2026-04-16 N/A
When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
CVE-2002-0617 1 Microsoft 2 Excel, Office 2026-04-16 N/A
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
CVE-2006-0008 1 Microsoft 3 Office, Windows 2003 Server, Windows Xp 2026-04-16 N/A
The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
CVE-2006-0007 1 Microsoft 1 Office 2026-04-16 N/A
Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
CVE-2002-0021 1 Microsoft 1 Office 2026-04-16 N/A
Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement.
CVE-2006-0004 1 Microsoft 1 Office 2026-04-16 N/A
Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
CVE-2002-0618 1 Microsoft 2 Excel, Office 2026-04-16 N/A
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
CVE-2002-0615 1 Microsoft 2 Excel, Office 2026-04-16 N/A
The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".
CVE-2005-2127 2 Ati, Microsoft 6 Catalyst Driver, .net Framework, Office and 3 more 2026-04-16 N/A
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."
CVE-2026-21259 1 Microsoft 9 365 Apps, Excel, Excel 2016 and 6 more 2026-04-15 7.8 High
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
CVE-2026-21258 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-04-15 5.5 Medium
Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-21260 1 Microsoft 11 365 Apps, Office, Office 2019 and 8 more 2026-04-15 7.5 High
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-21514 1 Microsoft 6 365 Apps, Office 2021, Office 2024 and 3 more 2026-04-15 7.8 High
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-21511 1 Microsoft 13 365 Apps, Office, Office 2019 and 10 more 2026-04-15 7.5 High
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-21261 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-04-15 5.5 Medium
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-20846 1 Microsoft 31 Office, Windows 10 1607, Windows 10 1809 and 28 more 2026-04-15 7.5 High
Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.
CVE-2026-26109 1 Microsoft 13 365 Apps, Excel, Excel 2016 and 10 more 2026-04-14 8.4 High
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-26108 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-04-14 7.8 High
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.