threat
engine
.sh
Back
·
··:··
Home
/
Product
/
microsoft word
Product
microsoft word
247 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-42832
< 16.0.19822.20190
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.
7.7
HIGH
CVE-2026-41101
< 16.0.19822.20190
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
7.1
HIGH
CVE-2026-40421
all versions
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose informati
4.3
MEDIUM
CVE-2026-26133
< 16.0.19822.20038
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
7.1
HIGH
CVE-2026-21511
all versions
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
7.5
HIGH
CVE-2026-20948
all versions
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
7.8
HIGH
CVE-2025-62562
all versions
Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.
7.8
HIGH
CVE-2025-62559
all versions
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
7.8
HIGH
CVE-2025-62558
all versions
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
7.8
HIGH
CVE-2025-62555
all versions
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
7.0
HIGH
CVE-2025-59222
all versions
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
7.8
HIGH
CVE-2025-59221
all versions
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
7.0
HIGH
CVE-2025-54905
all versions
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
7.1
HIGH
CVE-2025-53738
all versions
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
7.8
HIGH
CVE-2025-53736
all versions
Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
6.8
MEDIUM
CVE-2025-53733
all versions
Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.
8.4
HIGH
CVE-2025-49703
all versions
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
7.8
HIGH
CVE-2025-49700
all versions
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
7.8
HIGH
CVE-2025-49699
all versions
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
7.0
HIGH
CVE-2025-49698
all versions
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
7.8
HIGH
CVE-2025-47169
all versions
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
7.8
HIGH
CVE-2025-47168
all versions
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
7.8
HIGH
CVE-2025-29816
all versions
Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.
7.5
HIGH
CVE-2025-27747
all versions
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
7.8
HIGH
CVE-2025-24079
all versions
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
7.8
HIGH
CVE-2025-24078
all versions
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
7.0
HIGH
CVE-2024-41165
all versions
A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access
7.1
HIGH
CVE-2024-49065
all versions
Microsoft Office Remote Code Execution Vulnerability
5.5
MEDIUM
CVE-2024-49033
all versions
Microsoft Word Security Feature Bypass Vulnerability
7.5
HIGH
CVE-2024-21379
all versions
Microsoft Word Remote Code Execution Vulnerability
7.8
HIGH
CVE-2024-20673
all versions
Microsoft Office Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-36762
all versions
Microsoft Word Remote Code Execution Vulnerability
7.3
HIGH
CVE-2023-36761
all versions
Microsoft Word Information Disclosure Vulnerability
6.5
MEDIUM
CVE-2023-33150
all versions
Microsoft Office Security Feature Bypass Vulnerability
9.6
CRITICAL
CVE-2023-29335
all versions
Microsoft Word Security Feature Bypass Vulnerability
7.5
HIGH
CVE-2023-21716
all versions
Microsoft Word Remote Code Execution Vulnerability
9.8
CRITICAL
CVE-2022-41103
all versions
Microsoft Word Information Disclosure Vulnerability
5.5
MEDIUM
CVE-2022-41061
all versions
Microsoft Word Remote Code Execution Vulnerability
7.8
HIGH
CVE-2022-41060
all versions
Microsoft Word Information Disclosure Vulnerability
5.5
MEDIUM
CVE-2022-29107
all versions
Microsoft Office Security Feature Bypass Vulnerability
5.5
MEDIUM
CVE-2022-26903
all versions
Windows Graphics Component Remote Code Execution Vulnerability
7.8
HIGH
CVE-2022-24511
all versions
Microsoft Office Word Tampering Vulnerability
5.5
MEDIUM
CVE-2022-21842
all versions
Microsoft Word Remote Code Execution Vulnerability
7.8
HIGH
CVE-2021-40486
all versions
Microsoft Word Remote Code Execution Vulnerability
7.8
HIGH
CVE-2021-34452
all versions
Microsoft Word Remote Code Execution Vulnerability
7.8
HIGH
CVE-2021-31180
all versions
Microsoft Office Graphics Remote Code Execution Vulnerability
7.8
HIGH
CVE-2021-31178
all versions
Microsoft Office Information Disclosure Vulnerability
5.5
MEDIUM
CVE-2021-31177
all versions
Microsoft Office Remote Code Execution Vulnerability
7.8
HIGH
CVE-2021-28453
all versions
Microsoft Word Remote Code Execution Vulnerability
7.8
HIGH
CVE-2021-1716
all versions
Microsoft Word Remote Code Execution Vulnerability
7.8
HIGH
CVE-2021-1715
all versions
Microsoft Word Remote Code Execution Vulnerability
7.8
HIGH
CVE-2020-17020
all versions
Microsoft Word Security Feature Bypass Vulnerability
3.3
LOW
CVE-2020-16933
all versions
<p>A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attac
7.0
HIGH
CVE-2020-1218
all versions
<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An
7.8
HIGH
CVE-2020-1583
all versions
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker wh
8.8
HIGH
CVE-2020-1503
all versions
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker wh
5.5
MEDIUM
CVE-2020-1448
all versions
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'M
8.8
HIGH
CVE-2020-1447
all versions
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'M
8.8
HIGH
CVE-2020-1446
all versions
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'M
8.8
HIGH
CVE-2020-1445
all versions
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microso
5.5
MEDIUM
CVE-2020-1342
all versions
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized va
5.5
MEDIUM
CVE-2020-1229
all versions
A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a
4.3
MEDIUM
CVE-2020-1223
all versions
A remote code execution vulnerability exists when Microsoft Word for Android fails to properly handle certain files.To exploit the
8.8
HIGH
CVE-2020-0980
all versions
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'M
7.8
HIGH
CVE-2020-0760
all versions
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Offic
8.8
HIGH
CVE-2020-0892
all versions
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'M
7.8
HIGH
CVE-2020-0850
all versions
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'M
8.8
HIGH
CVE-2019-1461
all versions
A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory,
6.5
MEDIUM
CVE-2019-1201
all versions
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An att
7.8
HIGH
CVE-2019-1034
all versions
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An att
7.8
HIGH
CVE-2019-0953
all versions
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'M
7.8
HIGH
CVE-2019-0585
all versions
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "M
8.8
HIGH
CVE-2019-0561
all versions
An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Informat
5.5
MEDIUM
CVE-2018-8573
all versions
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "M
7.8
HIGH
CVE-2018-8504
all versions
A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Prot
8.8
HIGH
CVE-2018-8430
all versions
A remote code execution vulnerability exists in Microsoft Word if a user opens a specially crafted PDF file, aka "Word PDF Remote
7.8
HIGH
CVE-2018-8310
all versions
A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML ema
7.5
HIGH
CVE-2018-8161
all versions
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in me
7.8
HIGH
CVE-2018-0950
all versions
An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects wh
6.5
MEDIUM
CVE-2018-0922
all versions
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office
7.8
HIGH
CVE-2018-0919
all versions
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office
3.3
LOW
CVE-2018-0862
all versions
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Offic
8.8
HIGH
CVE-2018-0849
all versions
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Offic
8.8
HIGH
CVE-2018-0848
all versions
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Offic
8.8
HIGH
CVE-2018-0845
all versions
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Offic
7.8
HIGH
CVE-2018-0812
all versions
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Offic
7.8
HIGH
CVE-2018-0807
all versions
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Offic
8.8
HIGH
CVE-2018-0806
all versions
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Offic
8.8
HIGH
CVE-2018-0805
all versions
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Offic
8.8
HIGH
CVE-2018-0804
all versions
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Offic
8.8
HIGH
CVE-2018-0802
all versions
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote c
7.8
HIGH
CVE-2018-0801
all versions
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote
8.8
HIGH
CVE-2018-0798
all versions
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote
8.8
HIGH
CVE-2018-0797
all versions
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way
7.8
HIGH
CVE-2018-0795
all versions
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way
8.8
HIGH
CVE-2018-0794
all versions
Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote c
8.8
HIGH
CVE-2018-0793
all versions
Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the w
7.8
HIGH
CVE-2018-0792
all versions
Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in me
8.8
HIGH
CVE-2017-11854
all versions
Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office
8.8
HIGH
CVE-2017-11826
all versions
Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 an
7.8
HIGH
CVE-2017-8510
all versions
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka
8.8
HIGH
CVE-2017-8509
all versions
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka
8.8
HIGH
CVE-2017-0292
all versions
Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server
7.8
HIGH
CVE-2017-0281
all versions
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Offi
7.8
HIGH
CVE-2017-0254
all versions
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Micr
7.8
HIGH
CVE-2017-0105
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Service
5.5
MEDIUM
CVE-2017-0053
all versions
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016
7.8
HIGH
CVE-2017-0031
all versions
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbit
7.8
HIGH
CVE-2017-0030
all versions
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word
7.8
HIGH
CVE-2017-0029
all versions
Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (app
5.5
MEDIUM
CVE-2017-0019
all versions
Microsoft Word 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craft
7.8
HIGH
CVE-2017-0003
all versions
Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document,
7.8
HIGH
CVE-2016-7291
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Service
7.1
HIGH
CVE-2016-7290
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Service
7.1
HIGH
CVE-2016-7268
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Autom
7.1
HIGH
CVE-2016-7235
all versions
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allo
7.8
HIGH
CVE-2016-7234
all versions
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word
7.8
HIGH
CVE-2016-7233
all versions
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack
6.5
MEDIUM
CVE-2016-7232
all versions
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers t
7.8
HIGH
CVE-2016-7193
all versions
Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office
7.8
HIGH
CVE-2016-3317
all versions
Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac 2011, Word 2016 for Mac, and Word Viewer allow remote attack
7.8
HIGH
CVE-2016-3316
all versions
Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file,
7.8
HIGH
CVE-2016-3282
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016
7.8
HIGH
CVE-2016-3281
all versions
Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Word A
7.8
HIGH
CVE-2016-3280
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Word 2016 for Mac, Of
7.8
HIGH
CVE-2016-3279
all versions
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1,
5.5
MEDIUM
CVE-2016-3234
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on S
5.5
MEDIUM
CVE-2016-0025
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 201
7.3
HIGH
CVE-2016-0198
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016
7.8
HIGH
CVE-2016-0183
all versions
The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and
8.8
HIGH
CVE-2016-0127
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word View
7.8
HIGH
CVE-2016-0134
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016
7.8
HIGH
CVE-2016-0056
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Office Compatibility Pack
7.8
HIGH
CVE-2016-0053
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3
7.8
HIGH
CVE-2016-0052
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016
7.8
HIGH
CVE-2016-0022
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016
7.8
HIGH
CVE-2016-0012
all versions
Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, Po
4.3
MEDIUM
CVE-2015-6172
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack
CVE-2015-6124
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow
CVE-2015-6092
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3
CVE-2015-6091
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Word Viewer allow remote
CVE-2015-2503
all versions
Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2
CVE-2015-2470
all versions
Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Wor
CVE-2015-2469
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office for Mac 2011 allow remote attackers to execute arbitrary code
CVE-2015-2468
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016
CVE-2015-2423
all versions
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold a
CVE-2015-2424
all versions
Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoi
8.8
HIGH
CVE-2015-2380
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, and Word 2013 RT SP1 allow remote attackers to execute arb
CVE-2015-2379
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, and Word Viewer all
CVE-2015-1682
all versions
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP
CVE-2015-1651
all versions
Use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allows remote attackers to
CVE-2015-1650
all versions
Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Vie
CVE-2015-1649
all versions
Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP
CVE-2015-1641
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility
7.8
HIGH
CVE-2015-0097
all versions
Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel 2010 SP2, PowerPoint 2010 SP2, and Word 2010 SP2 allow remote
CVE-2015-0086
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold and SP1, Word 2013 RT Gold and SP1, Word Viewer, Office Co
CVE-2015-0085
all versions
Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Ex
CVE-2015-0065
all versions
Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a c
CVE-2015-0064
all versions
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010
CVE-2014-6356
all versions
Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute
CVE-2014-6335
all versions
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause
CVE-2014-6334
all versions
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause
CVE-2014-6333
all versions
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a cra
CVE-2014-4117
all versions
Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibilit
CVE-2014-2778
all versions
Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of se
CVE-2014-1758
all versions
Stack-based buffer overflow in Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted document, a
CVE-2014-1757
all versions
Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions
CVE-2014-1761
all versions
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac
7.8
HIGH
CVE-2014-0260
all versions
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Ser
CVE-2014-0259
all versions
Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of se
CVE-2014-0258
all versions
Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary c
CVE-2013-6801
all versions
Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote attackers to cause a denial of service (CPU consumption) via a mal
CVE-2013-3892
all versions
Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office do
CVE-2013-3891
all versions
Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vu
CVE-2013-3858
all versions
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Wo
CVE-2013-3857
all versions
Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, W
CVE-2013-3856
all versions
Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corr
CVE-2013-3855
all versions
Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary c
CVE-2013-3854
all versions
Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory
CVE-2013-3853
all versions
Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory
CVE-2013-3852
all versions
Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute
CVE-2013-3851
all versions
Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote at
CVE-2013-3850
all versions
Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to
CVE-2013-3849
all versions
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Wo
CVE-2013-3848
all versions
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Wo
CVE-2013-3847
all versions
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Wo
CVE-2013-3160
all versions
Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, and Word Viewer allow remote attackers to read arbitrary files
CVE-2013-1335
all versions
Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document
CVE-2012-2539
all versions
Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2
7.8
HIGH
CVE-2012-2528
all versions
Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP
CVE-2012-0182
all versions
Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attacker
CVE-2012-0183
all versions
Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote
CVE-2010-3221
all versions
Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsin
CVE-2010-3220
all versions
Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via
CVE-2010-3219
all versions
Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document
CVE-2010-3218
all versions
Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a
CVE-2010-3217
all versions
Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with cr
CVE-2010-3216
all versions
Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document conta
CVE-2010-3215
all versions
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document
CVE-2010-3214
all versions
Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File
CVE-2010-2750
all versions
Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a craft
CVE-2010-2748
all versions
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, w
CVE-2010-2747
all versions
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document,
CVE-2010-3200
all versions
MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference
CVE-2010-1903
all versions
Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a
CVE-2010-1902
all versions
Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File F
CVE-2010-1901
all versions
Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for
CVE-2010-1900
all versions
Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for
CVE-2008-6063
all versions
Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email a
CVE-2008-2752
all versions
Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote att
CVE-2008-1092
all versions
Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary cod
CVE-2008-0109
all versions
Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitra
CVE-2007-3899
all versions
Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers
CVE-2007-1202
all versions
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not
CVE-2007-1911
all versions
Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption)
CVE-2007-1910
all versions
Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and p
CVE-2007-0208
all versions
Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly c
CVE-2007-0870
all versions
Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors,
CVE-2007-0671
all versions
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote u
8.8
HIGH
CVE-2007-0515
all versions
Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and caus
CVE-2006-6561
all versions
Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbi
CVE-2006-6456
all versions
Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via
CVE-2006-5994
all versions
Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and
CVE-2006-4693
all versions
Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrar
CVE-2006-3877
all versions
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X fo
CVE-2006-3651
all versions
Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary
CVE-2006-0935
all versions
Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated b
CVE-2005-0564
all versions
Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote
CVE-2005-1683
all versions
Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remo
CVE-2005-0558
all versions
Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted d
CVE-2004-0963
all versions
Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial
CVE-2004-0848
all versions
Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location conta
CVE-2004-0573
all versions
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 throu
CVE-2004-0200
all versions
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, all
CVE-2003-0821
all versions
Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel
CVE-2003-0820
all versions
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "M
CVE-2003-0664
all versions
Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypas
CVE-2002-1143
all versions
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information
CVE-2002-1056
all versions
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used w
CVE-2001-0628
all versions
Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros
CVE-2001-0501
<= 2002
Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros
CVE-2001-0240
all versions
Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (
CVE-2000-0788
all versions
The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database,
CVE-2000-0765
all versions
Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embed
CVE-2000-0419
all versions
The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activi
CVE-2000-0088
all versions
Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute comman
CVE-1999-0354
all versions
Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin