Microsoft Office 365 Proplus — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Office 365 Proplus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (84)
CVE-2019-1205 — CVSS 9.8 (critical): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who…
CVE-2019-1449 — CVSS 9.8 (critical): A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which…
CVE-2020-0850 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2018-8582 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft…
CVE-2018-8504 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected…
CVE-2020-0760 — CVSS 8.8 (high): A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote…
CVE-2020-0759 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka…
CVE-2018-8501 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in…
CVE-2018-8502 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in Protected…
CVE-2019-1110 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka…
CVE-2019-1331 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka…
CVE-2019-1327 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka…
CVE-2020-0979 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka…
CVE-2019-0585 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft…
CVE-2019-1111 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka…
CVE-2020-0906 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka…
CVE-2019-0822 — CVSS 7.8 (high): A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft…
CVE-2019-0824 — CVSS 7.8 (high): A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka…
CVE-2019-0825 — CVSS 7.8 (high): A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka…
CVE-2019-0826 — CVSS 7.8 (high): A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka…
CVE-2019-0827 — CVSS 7.8 (high): A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka…
CVE-2019-0828 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka…
CVE-2019-0946 — CVSS 7.8 (high): A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka…
CVE-2019-0953 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2019-1034 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who…
CVE-2019-1035 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who…
CVE-2020-0991 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka…
CVE-2018-8432 — CVSS 7.8 (high): A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft…
CVE-2018-8522 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka…
CVE-2018-8524 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka…
CVE-2018-8573 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft…
CVE-2018-8574 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka…
CVE-2018-8575 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka…
CVE-2018-8576 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka…
CVE-2018-8577 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka…
CVE-2018-8587 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka…
CVE-2018-8628 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory…
CVE-2018-8636 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka…
CVE-2019-0582 — CVSS 7.8 (high): A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database…
CVE-2019-0671 — CVSS 7.8 (high): A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka…
CVE-2019-0672 — CVSS 7.8 (high): A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka…
CVE-2019-0673 — CVSS 7.8 (high): A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka…
CVE-2019-0674 — CVSS 7.8 (high): A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka…
CVE-2019-0801 — CVSS 7.8 (high): A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files.To exploit the vulnerability, an…
CVE-2019-1155 — CVSS 7.8 (high): A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who…
CVE-2019-1199 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker…
CVE-2019-1200 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker…
CVE-2019-1201 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who…
CVE-2019-1246 — CVSS 7.8 (high): A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database…
CVE-2019-1264 — CVSS 7.8 (high): A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature…
CVE-2019-1448 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka…
CVE-2019-1462 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory…
CVE-2020-0650 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka…
CVE-2020-0651 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka…
CVE-2020-0652 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka…
CVE-2020-0653 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka…
CVE-2020-0697 — CVSS 7.8 (high): An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited…
CVE-2020-0851 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2020-0855 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2020-0892 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2020-0961 — CVSS 7.8 (high): A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka…
CVE-2020-0980 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2019-0669 — CVSS 6.5 (medium): An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel…
CVE-2019-1084 — CVSS 6.5 (medium): An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable…
CVE-2019-1461 — CVSS 6.5 (medium): A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka…
CVE-2020-0696 — CVSS 6.5 (medium): A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka…
CVE-2018-8579 — CVSS 6.5 (medium): An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure…
CVE-2018-8558 — CVSS 6.5 (medium): An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the…
CVE-2019-0559 — CVSS 6.5 (medium): An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook…
CVE-2018-8546 — CVSS 5.9 (medium): A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This…
CVE-2019-1400 — CVSS 5.5 (medium): An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory…
CVE-2018-8427 — CVSS 5.5 (medium): An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft…
CVE-2019-1463 — CVSS 5.5 (medium): An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory…
CVE-2019-1112 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel…
CVE-2019-1464 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel…
CVE-2018-8627 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable…
CVE-2019-1263 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel…
CVE-2019-0561 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information…
CVE-2019-0560 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office…
CVE-2019-0540 — CVSS 5.5 (medium): A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially…
CVE-2018-8598 — CVSS 4.7 (medium): An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel…
CVE-2019-1204 — CVSS 4.3 (medium): An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient…