Microsoft Excel Spreadsheet Software
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Excel.
Recent Microsoft Excel Security Advisories
Advisory | Title | Published |
---|---|---|
CVE-2025-21394 | CVE-2025-21394 Microsoft Excel Remote Code Execution Vulnerability | February 11, 2025 |
CVE-2025-21387 | CVE-2025-21387 Microsoft Excel Remote Code Execution Vulnerability | February 11, 2025 |
CVE-2025-21390 | CVE-2025-21390 Microsoft Excel Remote Code Execution Vulnerability | February 11, 2025 |
CVE-2025-21381 | CVE-2025-21381 Microsoft Excel Remote Code Execution Vulnerability | February 11, 2025 |
CVE-2025-21386 | CVE-2025-21386 Microsoft Excel Remote Code Execution Vulnerability | February 11, 2025 |
CVE-2025-21383 | CVE-2025-21383 Microsoft Excel Information Disclosure Vulnerability | February 11, 2025 |
CVE-2025-21364 | CVE-2025-21364 Microsoft Excel Security Feature Bypass Vulnerability | January 14, 2025 |
CVE-2025-21362 | CVE-2025-21362 Microsoft Excel Remote Code Execution Vulnerability | January 14, 2025 |
CVE-2025-21354 | CVE-2025-21354 Microsoft Excel Remote Code Execution Vulnerability | January 14, 2025 |
CVE-2024-49069 | CVE-2024-49069 Microsoft Excel Remote Code Execution Vulnerability | December 10, 2024 |
Known Exploited Microsoft Excel Vulnerabilities
The following Microsoft Excel vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Microsoft Excel Remote Code Execution Vulnerability |
A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory. CVE-2019-1297 Exploit Probability: 4.1% |
March 3, 2022 |
Microsoft Office Security Feature Bypass Vulnerability |
A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands. CVE-2016-7262 Exploit Probability: 60.1% |
March 3, 2022 |
Microsoft Excel Featheader Record Memory Corruption Vulnerability |
Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset. CVE-2009-3129 Exploit Probability: 97.2% |
March 3, 2022 |
The vulnerability CVE-2009-3129: Microsoft Excel Featheader Record Memory Corruption Vulnerability is in the top 1% of the currently known exploitable vulnerabilities. The vulnerability CVE-2016-7262: Microsoft Office Security Feature Bypass Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2025 there have been 1 vulnerability in Microsoft Excel with an average score of 8.4 out of ten. Last year, in 2024 Excel had 11 security vulnerabilities published. Right now, Excel is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.66.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 1 | 8.40 |
2024 | 11 | 7.74 |
2023 | 8 | 7.43 |
2022 | 10 | 7.49 |
2021 | 28 | 7.47 |
2020 | 32 | 7.86 |
2019 | 11 | 7.51 |
2018 | 22 | 7.23 |
It may take a day or so for new Excel vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Excel Security Vulnerabilities
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21362
8.4 - High
- January 14, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Library Injection Vulnerability on macOS
CVE-2024-43106
7.1 - High
- December 18, 2024
A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
Improper Verification of Cryptographic Signature
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49069
7.8 - High
- December 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49030
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49029
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Use of Uninitialized Resource
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49028
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Out-of-bounds Read
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49027
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49026
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Command Injection
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-43504
7.8 - High
- October 08, 2024
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Elevation of Privilege Vulnerability
CVE-2024-43465
7.8 - High
- September 10, 2024
Microsoft Excel Elevation of Privilege Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-30042
7.8 - High
- May 14, 2024
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-20673
7.8 - High
- February 13, 2024
Microsoft Office Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-36041
7.8 - High
- November 14, 2023
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2023-36037
7.8 - High
- November 14, 2023
Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Excel Information Disclosure Vulnerability
CVE-2023-36766
5.5 - Medium
- September 12, 2023
Microsoft Excel Information Disclosure Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-33133
7.8 - High
- June 14, 2023
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-32029
7.8 - High
- June 14, 2023
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-24953
7.8 - High
- May 09, 2023
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-23399
7.8 - High
- March 14, 2023
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Spoofing Vulnerability
CVE-2023-23398
7.1 - High
- March 14, 2023
Microsoft Excel Spoofing Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2022-41104
5.5 - Medium
- November 09, 2022
Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-41106
8.8 - High
- November 09, 2022
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-41063
7.8 - High
- November 09, 2022
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2022-33631
7.3 - High
- August 09, 2022
Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-30173
7.8 - High
- June 15, 2022
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-29110
7.8 - High
- May 10, 2022
Microsoft Excel Remote Code Execution Vulnerability
Windows Graphics Component Remote Code Execution Vulnerability
CVE-2022-26903
7.8 - High
- April 15, 2022
Windows Graphics Component Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-26901
7.8 - High
- April 15, 2022
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Information Disclosure Vulnerability
CVE-2022-22716
5.5 - Medium
- February 09, 2022
Microsoft Excel Information Disclosure Vulnerability
Buffer Overflow
Microsoft Office Remote Code Execution Vulnerability
CVE-2022-21840
8.8 - High
- January 11, 2022
Microsoft Office Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-43256
7.8 - High
- December 15, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2021-42292
7.8 - High
- November 10, 2021
Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-40442
7.8 - High
- November 10, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-40485
7.8 - High
- October 13, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-40474
7.8 - High
- October 13, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Information Disclosure Vulnerability
CVE-2021-40472
5.5 - Medium
- October 13, 2021
Microsoft Excel Information Disclosure Vulnerability
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2021-38660
7.8 - High
- September 15, 2021
Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-38655
7.8 - High
- September 15, 2021
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-34501
7.8 - High
- July 14, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-34518
7.8 - High
- July 14, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-31939
7.8 - High
- June 08, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-31179
7.8 - High
- May 11, 2021
Microsoft Office Remote Code Execution Vulnerability
Microsoft Office Information Disclosure Vulnerability
CVE-2021-31178
5.5 - Medium
- May 11, 2021
Microsoft Office Information Disclosure Vulnerability
Integer underflow
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-31177
7.8 - High
- May 11, 2021
Microsoft Office Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Information Disclosure Vulnerability
CVE-2021-31174
5.5 - Medium
- May 11, 2021
Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds Read
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-31175
7.8 - High
- May 11, 2021
Microsoft Office Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-28451
7.8 - High
- April 13, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-28449
7.8 - High
- April 13, 2021
Microsoft Office Remote Code Execution Vulnerability
Microsoft Excel Information Disclosure Vulnerability
CVE-2021-28456
5.5 - Medium
- April 13, 2021
Microsoft Excel Information Disclosure Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-27053
7.8 - High
- March 11, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-27054
7.8 - High
- March 11, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-27057
7.8 - High
- March 11, 2021
Microsoft Office Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-24067
7.8 - High
- February 25, 2021
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-24068
7.8 - High
- February 25, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-24069
7.8 - High
- February 25, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-24070
7.8 - High
- February 25, 2021
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-1713
7.8 - High
- January 12, 2021
Microsoft Excel Remote Code Execution Vulnerability
Buffer Overflow
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-1714
7.8 - High
- January 12, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17123
7.8 - High
- December 10, 2020
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17125
7.8 - High
- December 10, 2020
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Information Disclosure Vulnerability
CVE-2020-17126
5.5 - Medium
- December 10, 2020
Microsoft Excel Information Disclosure Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17127
7.8 - High
- December 10, 2020
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17128
7.8 - High
- December 10, 2020
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17129
7.8 - High
- December 10, 2020
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2020-17130
6.5 - Medium
- December 10, 2020
Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17064
7.8 - High
- November 11, 2020
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17065
7.8 - High
- November 11, 2020
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17066
7.8 - High
- November 11, 2020
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2020-17067
7.8 - High
- November 11, 2020
Microsoft Excel Security Feature Bypass Vulnerability
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-16929
7.8 - High
- October 16, 2020
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
Dangling pointer
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-16931
7.8 - High
- October 16, 2020
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
Use of Uninitialized Resource
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-16932
7.8 - High
- October 16, 2020
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
Use of Uninitialized Resource
<p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory
CVE-2020-1224
5.5 - Medium
- September 11, 2020
<p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data.</p> <p>To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.</p> <p>The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.</p>
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1332
7.8 - High
- September 11, 2020
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1335
7.8 - High
- September 11, 2020
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1594
7.8 - High
- September 11, 2020
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1494
8.8 - High
- August 17, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1495
8.8 - High
- August 17, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1496
8.8 - High
- August 17, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory
CVE-2020-1497
5.5 - Medium
- August 17, 2020
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1498
8.8 - High
- August 17, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1504
8.8 - High
- August 17, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1225
8.8 - High
- June 09, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1226.
Buffer Overflow
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1226
8.8 - High
- June 09, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1225.
Buffer Overflow
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries
CVE-2020-0760
8.8 - High
- April 15, 2020
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.
Improper Input Validation
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-0906
8.8 - High
- April 15, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0979.
Buffer Overflow
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-0759
8.8 - High
- February 11, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
Buffer Overflow
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-0650
7.8 - High
- January 14, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0651, CVE-2020-0653.
Buffer Overflow
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-0651
7.8 - High
- January 14, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0653.
Buffer Overflow
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory
CVE-2020-0652
7.8 - High
- January 14, 2020
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Memory Corruption Vulnerability'.
Buffer Overflow
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory
CVE-2019-1464
5.5 - Medium
- December 10, 2019
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
Information Disclosure
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory
CVE-2019-1446
5.5 - Medium
- November 12, 2019
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
Information Disclosure
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2019-1448
7.8 - High
- November 12, 2019
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2019-1327
8.8 - High
- October 10, 2019
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1331.
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2019-1331
8.8 - High
- October 10, 2019
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327.
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory
CVE-2019-1263
5.5 - Medium
- September 11, 2019
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
Information Disclosure
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2019-1297
8.8 - High
- September 11, 2019
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2019-1110
8.8 - High
- July 15, 2019
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1111.
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2019-1111
8.8 - High
- July 15, 2019
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1110.
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2019-0828
7.8 - High
- April 09, 2019
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Office 365 Proplus or by Microsoft? Click the Watch button to subscribe.
