Microsoft Office Web Components — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Office Web Components, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2006-4695 — CVSS 9.3 (critical): Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute…
CVE-2009-2496 — CVSS 9.3 (critical): Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web…
CVE-2009-1534 — CVSS 9.3 (critical): Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web…
CVE-2009-1136 — CVSS 9.3 (critical): The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3…
CVE-2009-0562 — CVSS 9.3 (critical): The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web…
CVE-2002-0861 — CVSS 7.5 (high): Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even…
CVE-2002-0727 — CVSS 7.5 (high): The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting…
CVE-2002-1339 — CVSS 5.0 (medium): The "XMLURL" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote attackers to…
CVE-2002-1338 — CVSS 5.0 (medium): The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist…
CVE-2002-0860 — CVSS 5.0 (medium): The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read…
CVE-2002-1340 — CVSS 5.0 (medium): The "ConnectionFile" property in the DataSourceControl component in Office Web Components (OWC) 10 allows remote attackers to determine the…