365 Apps Microsoft 365 Apps

stack.watch can email you when security vulnerabilities are reported in Microsoft 365 Apps. You can add multiple products that you use with 365 Apps to create your own personal software stack watcher.

By the Year

In 2021 there have been 4 vulnerabilities in Microsoft 365 Apps with an average score of 7.8 out of ten. Last year 365 Apps had 30 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in 365 Apps in 2021 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.24.

Year Vulnerabilities Average Score
2021 4 7.80
2020 30 7.56
2019 0 0.00
2018 0 0.00

It may take a day or so for new 365 Apps vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Microsoft 365 Apps Security Vulnerabilities

Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1716 7.8 - High - January 12, 2021

Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1715.

CVE-2021-1716 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1715 7.8 - High - January 12, 2021

Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1716.

CVE-2021-1715 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1714 7.8 - High - January 12, 2021

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1713.

CVE-2021-1714 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1713 7.8 - High - January 12, 2021

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1714.

CVE-2021-1713 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

, aka 'Microsoft Excel Information Disclosure Vulnerability'.

CVE-2020-17126 5.5 - Medium - December 10, 2020

, aka 'Microsoft Excel Information Disclosure Vulnerability'.

CVE-2020-17126 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

, aka 'Microsoft Outlook Information Disclosure Vulnerability'.

CVE-2020-17119 7.5 - High - December 10, 2020

, aka 'Microsoft Outlook Information Disclosure Vulnerability'.

CVE-2020-17119 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

, aka 'Microsoft Excel Remote Code Execution Vulnerability'

CVE-2020-17123 7.8 - High - December 10, 2020

, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17122, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.

CVE-2020-17123 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'.

CVE-2020-17124 7.8 - High - December 10, 2020

, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'.

CVE-2020-17124 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

, aka 'Microsoft Excel Remote Code Execution Vulnerability'

CVE-2020-17125 7.8 - High - December 10, 2020

, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.

CVE-2020-17125 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

, aka 'Microsoft Excel Remote Code Execution Vulnerability'

CVE-2020-17128 7.8 - High - December 10, 2020

, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17129.

CVE-2020-17128 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

, aka 'Microsoft Excel Remote Code Execution Vulnerability'

CVE-2020-17129 7.8 - High - December 10, 2020

, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128.

CVE-2020-17129 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

, aka 'Microsoft Excel Security Feature Bypass Vulnerability'.

CVE-2020-17130 6.5 - Medium - December 10, 2020

, aka 'Microsoft Excel Security Feature Bypass Vulnerability'.

CVE-2020-17130 is exploitable with local system access, requires user interaction and user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 0.6 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

CVE-2020-17062 7.8 - High - November 11, 2020

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

CVE-2020-17062 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Microsoft Excel Security Feature Bypass Vulnerability

CVE-2020-17067 7.8 - High - November 11, 2020

Microsoft Excel Security Feature Bypass Vulnerability

CVE-2020-17067 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique

CVE-2020-17065 7.8 - High - November 11, 2020

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17019, CVE-2020-17064, CVE-2020-17066.

CVE-2020-17065 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique

CVE-2020-17064 7.8 - High - November 11, 2020

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17019, CVE-2020-17065, CVE-2020-17066.

CVE-2020-17064 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Microsoft Office Online Spoofing Vulnerability

CVE-2020-17063 5.4 - Medium - November 11, 2020

Microsoft Office Online Spoofing Vulnerability

CVE-2020-17063 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Improper Input Validation

Microsoft Word Security Feature Bypass Vulnerability

CVE-2020-17020 5.5 - Medium - November 11, 2020

Microsoft Word Security Feature Bypass Vulnerability

CVE-2020-17020 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

authentification

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-16931 7.8 - High - October 16, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16929, CVE-2020-16930, CVE-2020-16932.

CVE-2020-16931 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Use of Uninitialized Resource

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-16929 7.8 - High - October 16, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16930, CVE-2020-16931, CVE-2020-16932.

CVE-2020-16929 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-16932 7.8 - High - October 16, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16929, CVE-2020-16930, CVE-2020-16931.

CVE-2020-16932 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory

CVE-2020-16957 7.8 - High - October 16, 2020

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.

CVE-2020-16957 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.An attacker who successfully exploited the vulnerability

CVE-2020-16918 7.8 - High - October 16, 2020

A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory., aka 'Base3D Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17003.

CVE-2020-16918 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An elevation of privilege vulnerability exists in the way

CVE-2020-16928 7.8 - High - October 16, 2020

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16934, CVE-2020-16955.

CVE-2020-16928 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-16930 7.8 - High - October 16, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16929, CVE-2020-16931, CVE-2020-16932.

CVE-2020-16930 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files

CVE-2020-16933 8.8 - High - October 16, 2020

A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files, aka 'Microsoft Word Security Feature Bypass Vulnerability'.

CVE-2020-16933 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Handling of Exceptional Conditions

An elevation of privilege vulnerability exists in the way

CVE-2020-16934 7.8 - High - October 16, 2020

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16928, CVE-2020-16955.

CVE-2020-16934 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory

CVE-2020-16947 8.8 - High - October 16, 2020

A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.

CVE-2020-16947 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory

CVE-2020-16949 7.5 - High - October 16, 2020

A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Denial of Service Vulnerability'.

CVE-2020-16949 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Memory Leak

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory

CVE-2020-16954 7.8 - High - October 16, 2020

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'.

CVE-2020-16954 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

An elevation of privilege vulnerability exists in the way

CVE-2020-16955 7.8 - High - October 16, 2020

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16928, CVE-2020-16934.

CVE-2020-16955 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory

CVE-2020-1563 7.8 - High - August 17, 2020

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'.

CVE-2020-1563 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory

CVE-2020-1445 5.5 - Medium - July 14, 2020

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.

CVE-2020-1445 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-0901 9.8 - Critical - May 21, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

CVE-2020-0901 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Memory Corruption