threat
engine
.sh
Back
·
··:··
Home
/
Product
/
microsoft office web apps
Product
microsoft office web apps
106 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2023-21716
all versions
Microsoft Word Remote Code Execution Vulnerability
9.8
CRITICAL
CVE-2022-22716
all versions
Microsoft Excel Information Disclosure Vulnerability
5.5
MEDIUM
CVE-2022-21840
all versions
Microsoft Office Remote Code Execution Vulnerability
8.8
HIGH
CVE-2021-43256
all versions
Microsoft Excel Remote Code Execution Vulnerability
7.8
HIGH
CVE-2021-38655
all versions
Microsoft Excel Remote Code Execution Vulnerability
7.8
HIGH
CVE-2021-28453
all versions
Microsoft Word Remote Code Execution Vulnerability
7.8
HIGH
CVE-2021-27057
all versions
Microsoft Office Remote Code Execution Vulnerability
7.8
HIGH
CVE-2021-27054
all versions
Microsoft Excel Remote Code Execution Vulnerability
7.8
HIGH
CVE-2021-27053
all versions
Microsoft Excel Remote Code Execution Vulnerability
7.8
HIGH
CVE-2021-24070
all versions
Microsoft Excel Remote Code Execution Vulnerability
7.8
HIGH
CVE-2021-24069
all versions
Microsoft Excel Remote Code Execution Vulnerability
7.8
HIGH
CVE-2021-24068
all versions
Microsoft Excel Remote Code Execution Vulnerability
7.8
HIGH
CVE-2021-24067
all versions
Microsoft Excel Remote Code Execution Vulnerability
7.8
HIGH
CVE-2021-1716
all versions
Microsoft Word Remote Code Execution Vulnerability
7.8
HIGH
CVE-2021-1715
all versions
Microsoft Word Remote Code Execution Vulnerability
7.8
HIGH
CVE-2020-17129
all versions
Microsoft Excel Remote Code Execution Vulnerability
7.8
HIGH
CVE-2020-17128
all versions
Microsoft Excel Remote Code Execution Vulnerability
7.8
HIGH
CVE-2020-17126
all versions
Microsoft Excel Information Disclosure Vulnerability
5.5
MEDIUM
CVE-2020-17125
all versions
Microsoft Excel Remote Code Execution Vulnerability
7.8
HIGH
CVE-2020-17123
all versions
Microsoft Excel Remote Code Execution Vulnerability
7.8
HIGH
CVE-2020-17122
all versions
Microsoft Excel Remote Code Execution Vulnerability
7.8
HIGH
CVE-2020-17065
all versions
Microsoft Excel Remote Code Execution Vulnerability
7.8
HIGH
CVE-2020-17064
all versions
Microsoft Excel Remote Code Execution Vulnerability
7.8
HIGH
CVE-2020-16932
all versions
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in
7.8
HIGH
CVE-2020-16931
all versions
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in
7.8
HIGH
CVE-2020-16929
all versions
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in
7.8
HIGH
CVE-2020-1335
all versions
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in
7.8
HIGH
CVE-2020-1224
all versions
<p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacke
5.5
MEDIUM
CVE-2020-1218
all versions
<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An
7.8
HIGH
CVE-2020-1583
all versions
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker wh
8.8
HIGH
CVE-2020-1503
all versions
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker wh
5.5
MEDIUM
CVE-2020-1448
all versions
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'M
8.8
HIGH
CVE-2020-1447
all versions
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'M
8.8
HIGH
CVE-2020-1446
all versions
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'M
8.8
HIGH
CVE-2020-1445
all versions
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microso
5.5
MEDIUM
CVE-2020-1442
all versions
A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office
6.1
MEDIUM
CVE-2020-1342
all versions
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized va
5.5
MEDIUM
CVE-2020-0980
all versions
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'M
7.8
HIGH
CVE-2020-0892
all versions
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'M
7.8
HIGH
CVE-2019-1201
all versions
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An att
7.8
HIGH
CVE-2019-1034
all versions
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An att
7.8
HIGH
CVE-2018-8628
all versions
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects i
7.8
HIGH
CVE-2018-8539
all versions
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "M
7.8
HIGH
CVE-2018-8504
all versions
A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Prot
8.8
HIGH
CVE-2018-8378
all versions
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized va
5.5
MEDIUM
CVE-2018-8247
all versions
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle w
5.4
MEDIUM
CVE-2018-8161
all versions
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in me
7.8
HIGH
CVE-2018-1028
all versions
A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded font
8.8
HIGH
CVE-2018-0922
all versions
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office
7.8
HIGH
CVE-2018-0919
all versions
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office
3.3
LOW
CVE-2018-0797
all versions
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way
7.8
HIGH
CVE-2017-8742
all versions
A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2
7.8
HIGH
CVE-2017-8696
all versions
Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; O
7.5
HIGH
CVE-2017-8632
all versions
A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsof
7.8
HIGH
CVE-2017-8631
all versions
A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service
7.8
HIGH
CVE-2017-8512
all versions
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka
8.8
HIGH
CVE-2017-8511
all versions
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka
7.8
HIGH
CVE-2017-8509
all versions
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka
8.8
HIGH
CVE-2017-0281
all versions
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Offi
7.8
HIGH
CVE-2017-0254
all versions
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Micr
7.8
HIGH
CVE-2017-0195
all versions
Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web
5.4
MEDIUM
CVE-2017-0105
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Service
5.5
MEDIUM
CVE-2017-0030
all versions
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word
7.8
HIGH
CVE-2017-0020
all versions
Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arb
7.8
HIGH
CVE-2016-7291
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Service
7.1
HIGH
CVE-2016-7290
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Service
7.1
HIGH
CVE-2016-7268
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Autom
7.1
HIGH
CVE-2016-7234
all versions
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word
7.8
HIGH
CVE-2016-7233
all versions
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack
6.5
MEDIUM
CVE-2016-7230
all versions
Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code vi
7.8
HIGH
CVE-2016-3360
all versions
Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office C
7.8
HIGH
CVE-2016-3357
all versions
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac
7.8
HIGH
CVE-2016-3282
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016
7.8
HIGH
CVE-2016-3281
all versions
Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Word A
7.8
HIGH
CVE-2016-3279
all versions
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1,
5.5
MEDIUM
CVE-2016-3234
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on S
5.5
MEDIUM
CVE-2016-0025
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 201
7.3
HIGH
CVE-2016-0183
all versions
The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and
8.8
HIGH
CVE-2016-0140
all versions
Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 a
7.8
HIGH
CVE-2016-0054
all versions
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, O
7.8
HIGH
CVE-2015-6093
all versions
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services on SharePoi
CVE-2015-6037
all versions
Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2
CVE-2015-1650
all versions
Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Vie
CVE-2015-1649
all versions
Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP
CVE-2015-1641
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility
7.8
HIGH
CVE-2014-1761
all versions
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac
7.8
HIGH
CVE-2014-0260
all versions
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Ser
CVE-2013-5059
all versions
Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code
CVE-2013-3895
all versions
Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted we
CVE-2013-3889
all versions
Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Ma
CVE-2013-3858
all versions
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Wo
CVE-2013-3857
all versions
Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, W
CVE-2013-3849
all versions
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Wo
CVE-2013-3848
all versions
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Wo
CVE-2013-3847
all versions
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Wo
CVE-2013-1330
all versions
The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Off
CVE-2013-1315
all versions
Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2
CVE-2013-1289
all versions
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 20
CVE-2012-2539
all versions
Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2
7.8
HIGH
CVE-2012-2528
all versions
Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP
CVE-2012-2520
all versions
Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and
CVE-2012-1861
all versions
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1
CVE-2012-1860
all versions
Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do
CVE-2012-1859
all versions
Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundatio
CVE-2011-1892
all versions
Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2
CVE-2010-3214
all versions
Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin