Microsoft Office Online Server — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Office Online Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (195)
CVE-2019-1205 — CVSS 9.8 (critical): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who…
CVE-2020-1448 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2019-1331 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka…
CVE-2017-8512 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office…
CVE-2020-1583 — CVSS 8.8 (high): An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who…
CVE-2020-1495 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An…
CVE-2020-1446 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2020-1447 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2020-0850 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2018-0792 — CVSS 8.8 (high): Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka…
CVE-2019-0585 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft…
CVE-2026-26109 — CVSS 8.4 (high): Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59236 — CVSS 8.4 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-49697 — CVSS 8.4 (high): Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-44822 — CVSS 8.2 (high): Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2020-1218 — CVSS 7.8 (high): <p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker…
CVE-2020-1335 — CVSS 7.8 (high): <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory…
CVE-2020-1338 — CVSS 7.8 (high): <p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker…
CVE-2026-45469 — CVSS 7.8 (high): Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2016-3282 — CVSS 7.8 (high): Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac…
CVE-2017-8501 — CVSS 7.8 (high): Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office…
CVE-2017-8511 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office…
CVE-2017-8631 — CVSS 7.8 (high): A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2…
CVE-2017-8743 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online…
CVE-2018-0797 — CVSS 7.8 (high): Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF…
CVE-2018-0922 — CVSS 7.8 (high): Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office…
CVE-2018-8628 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory…
CVE-2019-0953 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2019-1034 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who…
CVE-2019-1035 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who…
CVE-2019-1201 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who…
CVE-2020-0852 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2020-0892 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2020-0980 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2025-53741 — CVSS 7.8 (high): Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-53759 — CVSS 7.8 (high): Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54896 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54898 — CVSS 7.8 (high): Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54900 — CVSS 7.8 (high): Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54902 — CVSS 7.8 (high): Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54903 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54904 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59223 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59224 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59225 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59231 — CVSS 7.8 (high): Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code…
CVE-2025-59233 — CVSS 7.8 (high): Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code…
CVE-2025-60727 — CVSS 7.8 (high): Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62200 — CVSS 7.8 (high): Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62201 — CVSS 7.8 (high): Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62203 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62556 — CVSS 7.8 (high): Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62560 — CVSS 7.8 (high): Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62561 — CVSS 7.8 (high): Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62563 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62564 — CVSS 7.8 (high): Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-20950 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-20955 — CVSS 7.8 (high): Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-20957 — CVSS 7.8 (high): Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-21259 — CVSS 7.8 (high): Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
CVE-2026-26107 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-26108 — CVSS 7.8 (high): Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-26112 — CVSS 7.8 (high): Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32189 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32197 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32198 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32199 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40359 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40360 — CVSS 7.8 (high): Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-40362 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44817 — CVSS 7.8 (high): Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44820 — CVSS 7.8 (high): Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44823 — CVSS 7.8 (high): Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2020-16929 — CVSS 7.8 (high): <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory…
CVE-2020-16931 — CVSS 7.8 (high): <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory…
CVE-2020-16932 — CVSS 7.8 (high): <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory…
CVE-2025-27751 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-29977 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-29979 — CVSS 7.8 (high): Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-30375 — CVSS 7.8 (high): Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code…
CVE-2025-30376 — CVSS 7.8 (high): Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-30379 — CVSS 7.8 (high): Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-30381 — CVSS 7.8 (high): Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-30383 — CVSS 7.8 (high): Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code…
CVE-2025-47165 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-49711 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-53735 — CVSS 7.8 (high): Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-53737 — CVSS 7.8 (high): Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-53739 — CVSS 7.8 (high): Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code…
CVE-2016-0025 — CVSS 7.3 (high): Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word…
CVE-2025-62202 — CVSS 7.1 (high): Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-59235 — CVSS 7.1 (high): Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-32188 — CVSS 7.1 (high): Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-60726 — CVSS 7.1 (high): Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-59232 — CVSS 7.1 (high): Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-44818 — CVSS 7.0 (high): Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2020-1442 — CVSS 6.1 (medium): A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps…
CVE-2020-1224 — CVSS 5.5 (medium): <p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who…
CVE-2020-1502 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who…
CVE-2020-1503 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who…
CVE-2019-1446 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel…
CVE-2020-1342 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable…
CVE-2026-21258 — CVSS 5.5 (medium): Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2020-1445 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office…
CVE-2020-0647 — CVSS 5.4 (medium): A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office…
CVE-2018-8247 — CVSS 5.4 (medium): An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web…
CVE-2020-0695 — CVSS 5.4 (medium): A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka 'Microsoft…
CVE-2019-1445 — CVSS 5.4 (medium): A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka…
CVE-2017-0195 — CVSS 5.4 (medium): Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010…
CVE-2019-1447 — CVSS 5.4 (medium): A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka…
CVE-2018-0919 — CVSS 3.3 (low): Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps…
CVE-2026-45455 — CVSS 3.3 (low): Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.