Every CVE whose affected-product data names Microsoft Powerpoint, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (76)
CVE-2010-2573 — CVSS 9.3 (critical): Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to…
CVE-2010-3141 — CVSS 9.3 (critical): Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary…
CVE-2010-0029 — CVSS 9.3 (critical): Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint…
CVE-2010-0030 — CVSS 9.3 (critical): Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a…
CVE-2010-0031 — CVSS 9.3 (critical): Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to…
CVE-2010-0032 — CVSS 9.3 (critical): Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a…
CVE-2010-0033 — CVSS 9.3 (critical): Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted…
CVE-2010-0034 — CVSS 9.3 (critical): Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted…
CVE-2015-0097 — CVSS 9.3 (critical): Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel 2010 SP2, PowerPoint 2010 SP2, and Word 2010 SP2 allow remote attackers…
CVE-2004-0200 — CVSS 9.3 (critical): Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows…
CVE-2015-0085 — CVSS 9.3 (critical): Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010…
CVE-2011-3413 — CVSS 9.3 (critical): Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and…
CVE-2011-3396 — CVSS 9.3 (critical): Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL…
CVE-2011-1270 — CVSS 9.3 (critical): Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint…
CVE-2011-1269 — CVSS 9.3 (critical): Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office…
CVE-2011-0976 — CVSS 9.3 (critical): Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office…
CVE-2011-0656 — CVSS 9.3 (critical): Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac…
CVE-2006-3877 — CVSS 9.3 (critical): Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac…
CVE-2011-0655 — CVSS 9.3 (critical): Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility…
CVE-2007-0913 — CVSS 9.3 (critical): Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack…
CVE-2010-3142 — CVSS 9.3 (critical): Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute…
CVE-2009-0224 — CVSS 9.3 (critical): Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; PowerPoint Viewer 2003 and 2007 SP1 and SP2; PowerPoint in…
CVE-2018-8501 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in…
CVE-2018-8376 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory…
CVE-2016-7230 — CVSS 7.8 (high): Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a…
CVE-2017-8513 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka…
CVE-2017-8742 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2…
CVE-2017-8743 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online…
CVE-2018-8628 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory…
CVE-2019-1462 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory…
CVE-2025-47175 — CVSS 7.8 (high): Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2025-53761 — CVSS 7.8 (high): Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2025-54908 — CVSS 7.8 (high): Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2025-59238 — CVSS 7.8 (high): Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2026-32200 — CVSS 7.8 (high): Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2026-44803 — CVSS 7.8 (high): Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2026-44812 — CVSS 7.8 (high): Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2006-0022 — CVSS 7.6 (high): Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for…
CVE-2006-3660 — CVSS 7.6 (high): Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE…
CVE-2000-0419 — CVSS 7.5 (high): The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via…
CVE-1999-1474 — CVSS 7.5 (high): PowerPoint 95 and 97 allows remote attackers to cause an application to be run automatically without prompting the user, possibly through…
CVE-2000-0597 — CVSS 7.5 (high): Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force…
CVE-2008-3068 — CVSS 7.5 (high): Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation…
CVE-2006-3449 — CVSS 7.5 (high): Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to…
CVE-2004-0848 — CVSS 7.5 (high): Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing…
CVE-2002-0152 — CVSS 7.5 (high): Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute…
CVE-2001-0718 — CVSS 7.5 (high): Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro…
CVE-2000-0088 — CVSS 7.2 (high): Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka…
CVE-2026-45649 — CVSS 7.1 (high): Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.
CVE-2026-26133 — CVSS 7.1 (high): AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2024-39804 — CVSS 7.1 (high): A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially crafted library can leverage PowerPoint's…
CVE-2026-41102 — CVSS 7.1 (high): Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.
CVE-2001-0005 — CVSS 6.2 (medium): Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
CVE-2016-3279 — CVSS 5.5 (medium): Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel…
CVE-2006-3590 — CVSS 5.1 (medium): mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed…
CVE-2006-3655 — CVSS 5.1 (medium): Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted…
CVE-2000-0765 — CVSS 5.1 (medium): Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded…
CVE-2015-2423 — CVSS 4.3 (medium): Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2…
CVE-2006-5296 — CVSS 4.3 (medium): PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which…
CVE-2006-3656 — CVSS 2.6 (low): Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint…