Microsoft Office
379 CVEs affecting Microsoft Office. Latest disclosed: 2026-05-12. Critical: 5, High: 136.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-60724 | Critical | 9.8 | 2025-11-11 | Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. |
CVE-2025-53766 | Critical | 9.8 | 2025-08-12 | Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. |
CVE-2016-7182 | Critical | 9.8 | 2016-10-14 | The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows… |
CVE-2023-33150 | Critical | 9.6 | 2023-07-11 | Microsoft Office Security Feature Bypass Vulnerability |
CVE-2016-7277 | Critical | 9.6 | 2016-12-20 | Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft… |
CVE-2026-40420 | High | 8.8 | 2026-05-12 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. |
CVE-2026-35436 | High | 8.8 | 2026-05-12 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. |
CVE-2024-30103 | High | 8.8 | 2024-06-11 | Microsoft Outlook Remote Code Execution Vulnerability |
CVE-2022-41106 | High | 8.8 | 2022-11-09 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2022-21840 | High | 8.8 | 2022-01-11 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2017-11854 | High | 8.8 | 2017-11-15 | Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service P… |
CVE-2017-8528 | High | 8.8 | 2017-06-15 | Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Wind… |
CVE-2017-8527 | High | 8.8 | 2017-06-15 | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703… |
CVE-2017-8512 | High | 8.8 | 2017-06-15 | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Executio… |
CVE-2017-8510 | High | 8.8 | 2017-06-15 | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Executio… |
CVE-2017-8509 | High | 8.8 | 2017-06-15 | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Executio… |
CVE-2017-0283 | High | 8.8 | 2017-06-15 | Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Wind… |
CVE-2016-0183 | High | 8.8 | 2016-05-11 | The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allo… |
CVE-2016-0145 | High | 8.8 | 2016-04-12 | The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8… |
CVE-2013-0006 | High | 8.8 | 2013-01-09 | Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a cr… |