Every CVE whose affected-product data names Microsoft Project, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (30)
CVE-2003-0347 — CVSS 10.0 (critical): Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote…
CVE-2009-3126 — CVSS 9.3 (critical): Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft…
CVE-2009-2528 — CVSS 9.3 (critical): GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to…
CVE-2009-2501 — CVSS 9.3 (critical): Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007…
CVE-2009-2504 — CVSS 9.3 (critical): Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2…
CVE-2009-2503 — CVSS 9.3 (critical): GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft…
CVE-2006-3864 — CVSS 9.3 (critical): Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote…
CVE-2006-3877 — CVSS 9.3 (critical): Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac…
CVE-2008-1088 — CVSS 9.3 (critical): Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a…
CVE-2008-4255 — CVSS 9.3 (critical): Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual…
CVE-2009-2500 — CVSS 9.3 (critical): Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft…
CVE-2004-0200 — CVSS 9.3 (critical): Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows…
CVE-2020-0760 — CVSS 8.8 (high): A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote…
CVE-2008-4252 — CVSS 8.5 (high): The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors…
CVE-2008-4254 — CVSS 8.5 (high): Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0…
CVE-2008-4253 — CVSS 8.5 (high): The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and…
CVE-2008-4256 — CVSS 8.5 (high): The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1…
CVE-2009-2502 — CVSS 8.1 (high): Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office…
CVE-2018-8575 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka…
CVE-2019-1264 — CVSS 7.8 (high): A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature…
CVE-2004-0848 — CVSS 7.5 (high): Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing…
CVE-2002-0861 — CVSS 7.5 (high): Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even…
CVE-2002-0727 — CVSS 7.5 (high): The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting…
CVE-2000-0419 — CVSS 7.5 (high): The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via…
CVE-2005-2127 — CVSS 7.5 (high): Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute…
CVE-2020-1322 — CVSS 6.5 (medium): An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka…
CVE-2002-0860 — CVSS 5.0 (medium): The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read…
CVE-1999-0384 — CVSS 4.6 (medium): The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the…