Filtered by vendor Microsoft
Subscriptions
Filtered by product Office
Subscriptions
Total
854 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1153 | 1 Microsoft | 18 Office, Windows 10, Windows 10 1507 and 15 more | 2024-11-21 | 5.5 Medium |
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory. | ||||
| CVE-2019-1151 | 1 Microsoft | 18 Office, Windows 10, Windows 10 1507 and 15 more | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts. | ||||
| CVE-2019-1149 | 1 Microsoft | 18 Office, Windows 10, Windows 10 1507 and 15 more | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts. | ||||
| CVE-2019-1148 | 1 Microsoft | 18 Office, Windows 10, Windows 10 1507 and 15 more | 2024-11-21 | 5.5 Medium |
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory. | ||||
| CVE-2019-1112 | 1 Microsoft | 2 Office, Office 365 Proplus | 2024-11-21 | N/A |
| An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | ||||
| CVE-2019-1111 | 1 Microsoft | 3 Excel, Office, Office 365 Proplus | 2024-11-21 | N/A |
| A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1110. | ||||
| CVE-2019-1110 | 1 Microsoft | 3 Excel, Office, Office 365 Proplus | 2024-11-21 | N/A |
| A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1111. | ||||
| CVE-2019-1109 | 1 Microsoft | 2 Office, Office 365 | 2024-11-21 | N/A |
| A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages., aka 'Microsoft Office Spoofing Vulnerability'. | ||||
| CVE-2019-1084 | 1 Microsoft | 9 Exchange Server, Lync, Lync Basic and 6 more | 2024-11-21 | N/A |
| An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'. | ||||
| CVE-2019-1035 | 1 Microsoft | 4 Office, Office 365 Proplus, Office Online Server and 1 more | 2024-11-21 | 7.8 High |
| A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1034. | ||||
| CVE-2019-1034 | 1 Microsoft | 7 Office, Office 365 Proplus, Office Online Server and 4 more | 2024-11-21 | N/A |
| A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1035. | ||||
| CVE-2019-0953 | 1 Microsoft | 4 Office, Office 365 Proplus, Office Online Server and 1 more | 2024-11-21 | N/A |
| A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. | ||||
| CVE-2019-0947 | 1 Microsoft | 1 Office | 2024-11-21 | N/A |
| A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0945, CVE-2019-0946. | ||||
| CVE-2019-0946 | 1 Microsoft | 2 Office, Office 365 Proplus | 2024-11-21 | N/A |
| A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0945, CVE-2019-0947. | ||||
| CVE-2019-0945 | 1 Microsoft | 2 Office, Office 365 | 2024-11-21 | N/A |
| A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0946, CVE-2019-0947. | ||||
| CVE-2019-0827 | 1 Microsoft | 2 Office, Office 365 Proplus | 2024-11-21 | N/A |
| A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-2019-0826. | ||||
| CVE-2019-0826 | 1 Microsoft | 2 Office, Office 365 Proplus | 2024-11-21 | N/A |
| A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-2019-0827. | ||||
| CVE-2019-0825 | 1 Microsoft | 2 Office, Office 365 Proplus | 2024-11-21 | N/A |
| A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0826, CVE-2019-0827. | ||||
| CVE-2019-0824 | 1 Microsoft | 2 Office, Office 365 Proplus | 2024-11-21 | N/A |
| A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0825, CVE-2019-0826, CVE-2019-0827. | ||||
| CVE-2019-0823 | 1 Microsoft | 1 Office | 2024-11-21 | N/A |
| A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0824, CVE-2019-0825, CVE-2019-0826, CVE-2019-0827. | ||||