Microsoft Word
128 CVEs affecting Microsoft Word. Latest disclosed: 2026-05-12. Critical: 1, High: 41.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-33150 | Critical | 9.6 | 2023-07-11 | Microsoft Office Security Feature Bypass Vulnerability |
CVE-2017-11854 | High | 8.8 | 2017-11-15 | Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service P… |
CVE-2017-8510 | High | 8.8 | 2017-06-15 | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Executio… |
CVE-2017-8509 | High | 8.8 | 2017-06-15 | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Executio… |
CVE-2016-0183 | High | 8.8 | 2016-05-11 | The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allo… |
CVE-2026-40367 | High | 8.4 | 2026-05-12 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
CVE-2026-40366 | High | 8.4 | 2026-05-12 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
CVE-2026-40364 | High | 8.4 | 2026-05-12 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
CVE-2026-40361 | High | 8.4 | 2026-05-12 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
CVE-2024-20673 | High | 7.8 | 2024-02-13 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2022-41061 | High | 7.8 | 2022-11-09 | Microsoft Word Remote Code Execution Vulnerability |
CVE-2017-0292 | High | 7.8 | 2017-06-15 | Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code exec… |
CVE-2017-0281 | High | 7.8 | 2017-05-12 | Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project… |
CVE-2017-0254 | High | 7.8 | 2017-05-12 | Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP… |
CVE-2017-0053 | High | 7.8 | 2017-03-17 | Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remot… |
CVE-2017-0031 | High | 7.8 | 2017-03-17 | Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial o… |
CVE-2017-0030 | High | 7.8 | 2017-03-17 | Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on ShareP… |
CVE-2017-0019 | High | 7.8 | 2017-03-17 | Microsoft Word 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft O… |
CVE-2017-0003 | High | 7.8 | 2017-01-10 | Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory… |
CVE-2016-7235 | High | 7.8 | 2016-11-10 | Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute… |