Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-8511

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-15 Jun, 2017 | 01:00
Updated At-05 Aug, 2024 | 16:41
Rejected At-
Credits

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:15 Jun, 2017 | 01:00
Updated At:05 Aug, 2024 | 16:41
Rejected At:
▼CVE Numbering Authority (CNA)

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.

Affected Products
Vendor
Microsoft CorporationMicrosoft Corporation
Product
Microsoft Office
Versions
Affected
  • Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Online Server 2016, Microsoft Office Web Apps Server 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016 for Mac, Microsoft PowerPoint for Mac 2011, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, and Microsoft SharePoint Enterprise Server 2016.
Problem Types
TypeCWE IDDescription
textN/ARemote Code Execution
Type: text
CWE ID: N/A
Description: Remote Code Execution
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/98815
vdb-entry
x_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/98815
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/98815
vdb-entry
x_refsource_BID
x_transferred
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/98815
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:15 Jun, 2017 | 01:29
Updated At:20 Apr, 2025 | 01:37

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Microsoft Corporation
microsoft
>>office>>2010
cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>office>>2010
cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>office>>2013
cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>office>>2016
cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>office_online_server>>2016
cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>office_web_apps>>2010
cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>office_web_apps_server>>2013
cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>powerpoint_for_mac>>2011
cpe:2.3:a:microsoft:powerpoint_for_mac:2011:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>powerpoint_for_mac>>2016
cpe:2.3:a:microsoft:powerpoint_for_mac:2016:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_server>>2013
cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_server>>2016
cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/98815secure@microsoft.com
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511secure@microsoft.com
Mitigation
Patch
Vendor Advisory
http://www.securityfocus.com/bid/98815af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511af854a3a-2127-422b-91ae-364da2661108
Mitigation
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/98815
Source: secure@microsoft.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511
Source: secure@microsoft.com
Resource:
Mitigation
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/98815
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mitigation
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

3889Records found
CVE-2021-40733
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.77% / 81.89%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 16:38
Updated-23 Apr, 2025 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate Memory Corruption Could Lead To Arbitrary Code Execution

Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsanimateAnimate
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-6261
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-6.16% / 90.45%
||
7 Day CHG~0.00%
Published-04 Dec, 2006 | 11:00
Updated-07 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields.

Action-Not Available
Vendor-quinnwaren/aMicrosoft Corporation
Product-windows_xpwindows_95quintessential_playerwindows_98windows_ntwindows_2000windows_men/a
CVE-2021-40726
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-20.85% / 95.40%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 15:07
Updated-17 Sep, 2024 | 01:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm field that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2018-0600
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.64%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Sony Group CorporationMicrosoft Corporation
Product-windowsplaymemories_homethe installer of PlayMemories Home for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2020-16947
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-54.53% / 97.94%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 00:00
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the targeted user. If the targeted user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>Note that where severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector.</p> <p>The security update addresses the vulnerability by correcting how Outlook handles objects in memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsoutlookofficeMicrosoft 365 Apps for EnterpriseMicrosoft Outlook 2016Microsoft Office 2019
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-17062
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-8.06% / 91.77%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:48
Updated-10 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2016Microsoft Office 2010 Service Pack 2Microsoft Office 2013 Service Pack 1Microsoft Office 2019
CVE-2021-39829
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-4.15% / 88.21%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:37
Updated-23 Apr, 2025 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-framemakerwindowsFrameMaker
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-17417
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.06% / 86.20%
||
7 Day CHG~0.00%
Published-13 Oct, 2020 | 17:10
Updated-04 Aug, 2024 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11657.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerReader
CWE ID-CWE-416
Use After Free
CVE-2020-16968
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-8.84% / 92.18%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 22:18
Updated-01 Oct, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Camera Codec Pack Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of the Windows Camera Codec Pack. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how the Windows Camera Codec Pack handles objects in memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 1803Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1809Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1709Windows 10 Version 1909Windows 10 Version 1709 for 32-bit Systems
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2020-17412
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-6.08% / 90.39%
||
7 Day CHG~0.00%
Published-13 Oct, 2020 | 17:10
Updated-04 Aug, 2024 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11224.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-windows3dPhantomPDF
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-17123
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-5.00% / 89.30%
||
7 Day CHG~0.00%
Published-09 Dec, 2020 | 23:36
Updated-28 Aug, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_serveroffice_web_appsexcel365_appsMicrosoft Excel 2010 Service Pack 2Office Online ServerMicrosoft 365 Apps for EnterpriseMicrosoft Excel 2016Microsoft Office 2019Microsoft Office 2019 for MacMicrosoft Office Web Apps 2013 Service Pack 1Microsoft Excel 2013 Service Pack 1
CVE-2020-17124
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-6.00% / 90.33%
||
7 Day CHG~0.00%
Published-09 Dec, 2020 | 23:36
Updated-28 Aug, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PowerPoint Remote Code Execution Vulnerability

Microsoft PowerPoint Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficepowerpointMicrosoft 365 Apps for EnterpriseMicrosoft PowerPoint 2010 Service Pack 2Microsoft PowerPoint 2016Microsoft Office 2019Microsoft Office 2019 for MacMicrosoft PowerPoint 2013 Service Pack 1
CVE-2020-17125
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-6.00% / 90.33%
||
7 Day CHG~0.00%
Published-09 Dec, 2020 | 23:36
Updated-28 Aug, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_web_appsexcel365_appsoffice_online_serverofficeMicrosoft Excel 2010 Service Pack 2Microsoft 365 Apps for EnterpriseMicrosoft Office Online ServerMicrosoft Excel 2016Microsoft Office 2019Microsoft Office Web Apps 2013 Service Pack 1Microsoft Excel 2013 Service Pack 1
CVE-2016-3259
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-27.13% / 96.20%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3248.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_exploreredgen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-6561
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-76.50% / 98.89%
||
7 Day CHG~0.00%
Published-14 Dec, 2006 | 18:00
Updated-07 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wordofficeword_viewerworksn/a
CVE-2021-39841
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-12.19% / 93.58%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:37
Updated-16 Sep, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Pro DC DocMedia Type Confusion Remote Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Type Confusion vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2013-5325
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-0.83% / 73.63%
||
7 Day CHG~0.00%
Published-09 Oct, 2013 | 14:44
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote attackers to execute arbitrary JavaScript code in a javascript: URL via a crafted PDF document.

Action-Not Available
Vendor-n/aMicrosoft CorporationAdobe Inc.
Product-windowsacrobatacrobat_readern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-17104
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-8.06% / 91.77%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:48
Updated-10 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code JSHint Extension Remote Code Execution Vulnerability

Visual Studio Code JSHint Extension Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code
CVE-2020-16977
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-4.87% / 89.15%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 22:18
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code Python Extension Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would need to convince a target to open a specially crafted file in Visual Studio Code with the Python extension installed.</p> <p>The update addresses the vulnerability by modifying the way Visual Studio Code Python extension renders notebook content.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codePython extension for Visual Studio Code
CVE-2020-16918
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-10.47% / 92.94%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 22:17
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Base3D Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.</p> <p>An attacker who successfully exploited the vulnerability would gain execution on a victim system.</p> <p>The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-3d_viewer365_appsMicrosoft 365 Apps for Enterprise3D Viewer
CVE-2017-8565
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-38.26% / 97.13%
||
7 Day CHG~0.00%
Published-11 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when PSObject wraps a CIM Instance, aka "Windows PowerShell Remote Code Execution Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1windows_10Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016
CVE-2020-17127
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-6.00% / 90.33%
||
7 Day CHG~0.00%
Published-09 Dec, 2020 | 23:36
Updated-28 Aug, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-excelMicrosoft Excel 2010 Service Pack 2
CVE-2020-17128
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-5.86% / 90.21%
||
7 Day CHG~0.00%
Published-09 Dec, 2020 | 23:36
Updated-28 Aug, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_web_appsexcel365_appsoffice_online_serverofficeMicrosoft Excel 2010 Service Pack 2Microsoft 365 Apps for EnterpriseMicrosoft Office 2016Microsoft Office Online ServerMicrosoft Excel 2016Microsoft Office 2019Microsoft Office 2019 for MacMicrosoft Office Web Apps 2013 Service Pack 1Microsoft Office 2010 Service Pack 2Microsoft Excel 2013 Service Pack 1
CVE-2020-17129
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-6.00% / 90.33%
||
7 Day CHG~0.00%
Published-09 Dec, 2020 | 23:36
Updated-28 Aug, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_web_appsexcel365_appsoffice_online_serverofficeMicrosoft Excel 2010 Service Pack 2Microsoft 365 Apps for EnterpriseMicrosoft Office Online ServerMicrosoft Excel 2016Microsoft Office 2019Microsoft Office Web Apps 2013 Service Pack 1Microsoft Excel 2013 Service Pack 1
CVE-2017-8682
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-66.01% / 98.45%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3 , and Microsoft Office 2010 Service Pack 2 allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8683.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012office_2010windows_server_2016windows_8.1windows_rt_8.1windows_10office_word_vieweroffice_2007Windows graphics
CWE ID-CWE-20
Improper Input Validation
CVE-2016-3338
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.18% / 91.21%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1276
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-56.69% / 98.03%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel spreadsheet, related to improper validation of record information, aka "Excel Buffer Overrun Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeexcel_viewerexcelopen_xml_file_format_converteroffice_compatibility_packn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8743
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-32.41% / 96.69%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8742.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_serverpowerpointsharepoint_serverMicrosoft Office
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-6332
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-94.07% / 99.89%
||
7 Day CHG~0.00%
Published-11 Nov, 2014 | 22:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_8windows_server_2008windows_rt_8.1windows_vistawindows_server_2003windows_server_2012windows_8.1n/aWindows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8632
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-22.44% / 95.62%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744.

Action-Not Available
Vendor-Microsoft Corporation
Product-excelexcel_for_macoffice_web_appsoffice_compatibility_packMicrosoft Office
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3303
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-49.40% / 97.71%
||
7 Day CHG~0.00%
Published-09 Aug, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability," a different vulnerability than CVE-2016-3304.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-live_meetingwindows_7windows_server_2008word_viewerlyncskype_for_businesswindows_vistaofficen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-6366
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-31.90% / 96.66%
||
7 Day CHG+0.40%
Published-11 Dec, 2014 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8630
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-22.84% / 95.68%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744.

Action-Not Available
Vendor-Microsoft Corporation
Product-officeMicrosoft Office
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8725
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-32.41% / 96.69%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when they fail to properly handle objects in memory, aka "Microsoft Office Publisher Remote Code Execution".

Action-Not Available
Vendor-Microsoft Corporation
Product-publisherMicrosoft Office
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-17108
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-8.06% / 91.77%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:48
Updated-10 Sep, 2024 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HEVC Video Extensions Remote Code Execution Vulnerability

HEVC Video Extensions Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-hevc_video_extensionsHEVC Video Extensions
CVE-2017-8567
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-32.41% / 96.69%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution".

Action-Not Available
Vendor-Microsoft Corporation
Product-excel_for_macMicrosoft Office
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-17066
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-8.06% / 91.77%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:48
Updated-10 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-excelMicrosoft Excel 2010 Service Pack 2
CVE-2006-5994
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-62.82% / 98.32%
||
7 Day CHG~0.00%
Published-06 Dec, 2006 | 20:00
Updated-07 Aug, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wordofficeword_viewerworksn/a
CVE-2017-8620
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-71.57% / 98.67%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows Search in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1windows_10Microsoft Windows Search Component
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1274
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-50.12% / 97.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds Array Access Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeexcel_viewerexcelopen_xml_file_format_converteroffice_compatibility_packn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8578
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-12.07% / 93.53%
||
7 Day CHG~0.00%
Published-11 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1windows_10Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2017-8571
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-14.41% / 94.17%
||
7 Day CHG~0.00%
Published-01 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka "Microsoft Office Outlook Security Feature Bypass Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-outlookMicrosoft Office
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8570
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-94.25% / 99.92%
||
7 Day CHG~0.00%
Published-11 Jul, 2017 | 21:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-08-25||Apply updates per vendor instructions.

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.

Action-Not Available
Vendor-Microsoft Corporation
Product-officeMicrosoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, and Microsoft Office 2016.Office
CVE-2017-8718
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-32.41% / 96.69%
||
7 Day CHG~0.00%
Published-13 Oct, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8717.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1windows_10Microsoft JET Database Engine
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3863
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-45.91% / 97.54%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via a crafted OLE object in a file, aka "OLE Property Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2003windows_xpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3940
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-9.3||HIGH
EPSS-67.62% / 98.51%
||
7 Day CHG~0.00%
Published-13 Nov, 2013 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image in a Windows Write (.wri) document, which is not properly handled in WordPad, aka "Graphics Device Interface Integer Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_rtwindows_7windows_8windows_server_2008windows_rt_8.1windows_vistawindows_server_2003windows_server_2012windows_8.1n/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-8506
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-33.91% / 96.82%
||
7 Day CHG~0.00%
Published-15 Jun, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-0260.

Action-Not Available
Vendor-Microsoft Corporation
Product-outlookMicrosoft Office
CVE-2013-3891
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-52.42% / 97.84%
||
7 Day CHG~0.00%
Published-09 Oct, 2013 | 14:44
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wordn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8527
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-28.83% / 96.38%
||
7 Day CHG~0.00%
Published-15 Jun, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Graphics Remote Code Execution Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016officewindows_8.1silverlightwindows_rt_8.1lyncwindows_10skype_for_businessGraphics
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8513
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-33.26% / 96.77%
||
7 Day CHG~0.00%
Published-15 Jun, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverpowerpointMicrosoft PowerPoint
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 77
  • 78
  • Next
Details not found