Microsoft Office Web Apps — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Office Web Apps, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (106)
CVE-2013-1330 — CVSS 10.0 (critical): The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web…
CVE-2015-6093 — CVSS 9.3 (critical): Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services on SharePoint Server…
CVE-2015-1650 — CVSS 9.3 (critical): Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer…
CVE-2015-1649 — CVSS 9.3 (critical): Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word…
CVE-2012-2528 — CVSS 9.3 (critical): Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and…
CVE-2014-0260 — CVSS 9.3 (critical): Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010…
CVE-2013-3889 — CVSS 9.3 (critical): Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011…
CVE-2013-1315 — CVSS 9.3 (critical): Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013…
CVE-2013-3847 — CVSS 9.3 (critical): Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007…
CVE-2013-3848 — CVSS 9.3 (critical): Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007…
CVE-2013-3849 — CVSS 9.3 (critical): Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007…
CVE-2013-3858 — CVSS 9.3 (critical): Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007…
CVE-2013-3857 — CVSS 9.3 (critical): Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003…
CVE-2010-3214 — CVSS 9.3 (critical): Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format…
CVE-2020-1583 — CVSS 8.8 (high): An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who…
CVE-2016-0183 — CVSS 8.8 (high): The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office…
CVE-2017-8509 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office…
CVE-2017-8512 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office…
CVE-2018-1028 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka…
CVE-2018-8504 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected…
CVE-2020-1446 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2020-1447 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2020-1448 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2018-8161 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka…
CVE-2018-8539 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft…
CVE-2018-8628 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory…
CVE-2019-1034 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who…
CVE-2019-1201 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who…
CVE-2020-0892 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2020-0980 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft…
CVE-2020-1218 — CVSS 7.8 (high): <p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker…
CVE-2020-1335 — CVSS 7.8 (high): <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory…
CVE-2020-16929 — CVSS 7.8 (high): <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory…
CVE-2020-16931 — CVSS 7.8 (high): <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory…
CVE-2020-16932 — CVSS 7.8 (high): <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory…
CVE-2016-0054 — CVSS 7.8 (high): Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office…
CVE-2016-0140 — CVSS 7.8 (high): Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow…
CVE-2016-3281 — CVSS 7.8 (high): Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Word Automation…
CVE-2016-3282 — CVSS 7.8 (high): Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac…
CVE-2016-3357 — CVSS 7.8 (high): Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word…
CVE-2016-7230 — CVSS 7.8 (high): Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a…
CVE-2016-7234 — CVSS 7.8 (high): Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for…
CVE-2017-0020 — CVSS 7.8 (high): Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary…
CVE-2017-0030 — CVSS 7.8 (high): Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word…
CVE-2017-0254 — CVSS 7.8 (high): Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft…
CVE-2017-0281 — CVSS 7.8 (high): Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web…
CVE-2017-8511 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office…
CVE-2017-8631 — CVSS 7.8 (high): A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2…
CVE-2017-8632 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel…
CVE-2017-8742 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2…
CVE-2018-0797 — CVSS 7.8 (high): Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF…
CVE-2018-0922 — CVSS 7.8 (high): Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office…
CVE-2017-8696 — CVSS 7.5 (high): Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for…
CVE-2016-0025 — CVSS 7.3 (high): Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word…
CVE-2016-7290 — CVSS 7.1 (high): Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on…
CVE-2016-7268 — CVSS 7.1 (high): Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation…
CVE-2016-7291 — CVSS 7.1 (high): Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on…
CVE-2013-3895 — CVSS 6.8 (medium): Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page…
CVE-2013-5059 — CVSS 6.8 (medium): Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via…
CVE-2016-7233 — CVSS 6.5 (medium): Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3…
CVE-2020-1442 — CVSS 6.1 (medium): A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps…
CVE-2020-1445 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office…
CVE-2016-3279 — CVSS 5.5 (medium): Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel…
CVE-2018-8378 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable…
CVE-2020-1503 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who…
CVE-2017-0105 — CVSS 5.5 (medium): Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on…
CVE-2012-1860 — CVSS 5.5 (medium): Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not…
CVE-2020-1224 — CVSS 5.5 (medium): <p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who…
CVE-2020-1342 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable…
CVE-2016-3234 — CVSS 5.5 (medium): Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint…
CVE-2018-8247 — CVSS 5.4 (medium): An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web…
CVE-2017-0195 — CVSS 5.4 (medium): Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010…
CVE-2012-1859 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010…
CVE-2013-1289 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1…
CVE-2012-1861 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and…
CVE-2012-2520 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010…
CVE-2011-1892 — CVSS 4.0 (medium): Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2…
CVE-2015-6037 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2…
CVE-2018-0919 — CVSS 3.3 (low): Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps…