Excel Microsoft Excel Spreadsheet Software

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Excel.

Recent Microsoft Excel Security Advisories

Advisory Title Published
CVE-2025-21394 CVE-2025-21394 Microsoft Excel Remote Code Execution Vulnerability February 11, 2025
CVE-2025-21387 CVE-2025-21387 Microsoft Excel Remote Code Execution Vulnerability February 11, 2025
CVE-2025-21390 CVE-2025-21390 Microsoft Excel Remote Code Execution Vulnerability February 11, 2025
CVE-2025-21381 CVE-2025-21381 Microsoft Excel Remote Code Execution Vulnerability February 11, 2025
CVE-2025-21386 CVE-2025-21386 Microsoft Excel Remote Code Execution Vulnerability February 11, 2025
CVE-2025-21383 CVE-2025-21383 Microsoft Excel Information Disclosure Vulnerability February 11, 2025
CVE-2025-21364 CVE-2025-21364 Microsoft Excel Security Feature Bypass Vulnerability January 14, 2025
CVE-2025-21362 CVE-2025-21362 Microsoft Excel Remote Code Execution Vulnerability January 14, 2025
CVE-2025-21354 CVE-2025-21354 Microsoft Excel Remote Code Execution Vulnerability January 14, 2025
CVE-2024-49069 CVE-2024-49069 Microsoft Excel Remote Code Execution Vulnerability December 10, 2024

Known Exploited Microsoft Excel Vulnerabilities

The following Microsoft Excel vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Microsoft Excel Remote Code Execution Vulnerability A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory.
CVE-2019-1297 Exploit Probability: 4.1%
March 3, 2022
Microsoft Office Security Feature Bypass Vulnerability A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.
CVE-2016-7262 Exploit Probability: 60.1%
March 3, 2022
Microsoft Excel Featheader Record Memory Corruption Vulnerability Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset.
CVE-2009-3129 Exploit Probability: 97.2%
March 3, 2022

The vulnerability CVE-2009-3129: Microsoft Excel Featheader Record Memory Corruption Vulnerability is in the top 1% of the currently known exploitable vulnerabilities. The vulnerability CVE-2016-7262: Microsoft Office Security Feature Bypass Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

By the Year

In 2025 there have been 1 vulnerability in Microsoft Excel with an average score of 8.4 out of ten. Last year, in 2024 Excel had 11 security vulnerabilities published. Right now, Excel is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.66.




Year Vulnerabilities Average Score
2025 1 8.40
2024 11 7.74
2023 8 7.43
2022 10 7.49
2021 28 7.47
2020 32 7.86
2019 11 7.51
2018 22 7.23

It may take a day or so for new Excel vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Excel Security Vulnerabilities

Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-21362 8.4 - High - January 14, 2025

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Library Injection Vulnerability on macOS

CVE-2024-43106 7.1 - High - December 18, 2024

A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

Improper Verification of Cryptographic Signature

Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-49069 7.8 - High - December 12, 2024

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-49030 7.8 - High - November 12, 2024

Microsoft Excel Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-49029 7.8 - High - November 12, 2024

Microsoft Excel Remote Code Execution Vulnerability

Use of Uninitialized Resource

Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-49028 7.8 - High - November 12, 2024

Microsoft Excel Remote Code Execution Vulnerability

Out-of-bounds Read

Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-49027 7.8 - High - November 12, 2024

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-49026 7.8 - High - November 12, 2024

Microsoft Excel Remote Code Execution Vulnerability

Command Injection

Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-43504 7.8 - High - October 08, 2024

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Elevation of Privilege Vulnerability

CVE-2024-43465 7.8 - High - September 10, 2024

Microsoft Excel Elevation of Privilege Vulnerability

Dangling pointer

Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-30042 7.8 - High - May 14, 2024

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

CVE-2024-20673 7.8 - High - February 13, 2024

Microsoft Office Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-36041 7.8 - High - November 14, 2023

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Security Feature Bypass Vulnerability

CVE-2023-36037 7.8 - High - November 14, 2023

Microsoft Excel Security Feature Bypass Vulnerability

Microsoft Excel Information Disclosure Vulnerability

CVE-2023-36766 5.5 - Medium - September 12, 2023

Microsoft Excel Information Disclosure Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-33133 7.8 - High - June 14, 2023

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-32029 7.8 - High - June 14, 2023

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-24953 7.8 - High - May 09, 2023

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-23399 7.8 - High - March 14, 2023

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Spoofing Vulnerability

CVE-2023-23398 7.1 - High - March 14, 2023

Microsoft Excel Spoofing Vulnerability

Microsoft Excel Security Feature Bypass Vulnerability

CVE-2022-41104 5.5 - Medium - November 09, 2022

Microsoft Excel Security Feature Bypass Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2022-41106 8.8 - High - November 09, 2022

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2022-41063 7.8 - High - November 09, 2022

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Security Feature Bypass Vulnerability

CVE-2022-33631 7.3 - High - August 09, 2022

Microsoft Excel Security Feature Bypass Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2022-30173 7.8 - High - June 15, 2022

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2022-29110 7.8 - High - May 10, 2022

Microsoft Excel Remote Code Execution Vulnerability

Windows Graphics Component Remote Code Execution Vulnerability

CVE-2022-26903 7.8 - High - April 15, 2022

Windows Graphics Component Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2022-26901 7.8 - High - April 15, 2022

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Information Disclosure Vulnerability

CVE-2022-22716 5.5 - Medium - February 09, 2022

Microsoft Excel Information Disclosure Vulnerability

Buffer Overflow

Microsoft Office Remote Code Execution Vulnerability

CVE-2022-21840 8.8 - High - January 11, 2022

Microsoft Office Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-43256 7.8 - High - December 15, 2021

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Security Feature Bypass Vulnerability

CVE-2021-42292 7.8 - High - November 10, 2021

Microsoft Excel Security Feature Bypass Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-40442 7.8 - High - November 10, 2021

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-40485 7.8 - High - October 13, 2021

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-40474 7.8 - High - October 13, 2021

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Information Disclosure Vulnerability

CVE-2021-40472 5.5 - Medium - October 13, 2021

Microsoft Excel Information Disclosure Vulnerability

Microsoft Office Graphics Remote Code Execution Vulnerability

CVE-2021-38660 7.8 - High - September 15, 2021

Microsoft Office Graphics Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-38655 7.8 - High - September 15, 2021

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-34501 7.8 - High - July 14, 2021

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-34518 7.8 - High - July 14, 2021

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-31939 7.8 - High - June 08, 2021

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

CVE-2021-31179 7.8 - High - May 11, 2021

Microsoft Office Remote Code Execution Vulnerability

Microsoft Office Information Disclosure Vulnerability

CVE-2021-31178 5.5 - Medium - May 11, 2021

Microsoft Office Information Disclosure Vulnerability

Integer underflow

Microsoft Office Remote Code Execution Vulnerability

CVE-2021-31177 7.8 - High - May 11, 2021

Microsoft Office Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Information Disclosure Vulnerability

CVE-2021-31174 5.5 - Medium - May 11, 2021

Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds Read

Microsoft Office Remote Code Execution Vulnerability

CVE-2021-31175 7.8 - High - May 11, 2021

Microsoft Office Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-28451 7.8 - High - April 13, 2021

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

CVE-2021-28449 7.8 - High - April 13, 2021

Microsoft Office Remote Code Execution Vulnerability

Microsoft Excel Information Disclosure Vulnerability

CVE-2021-28456 5.5 - Medium - April 13, 2021

Microsoft Excel Information Disclosure Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-27053 7.8 - High - March 11, 2021

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-27054 7.8 - High - March 11, 2021

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

CVE-2021-27057 7.8 - High - March 11, 2021

Microsoft Office Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-24067 7.8 - High - February 25, 2021

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-24068 7.8 - High - February 25, 2021

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-24069 7.8 - High - February 25, 2021

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-24070 7.8 - High - February 25, 2021

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-1713 7.8 - High - January 12, 2021

Microsoft Excel Remote Code Execution Vulnerability

Buffer Overflow

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-1714 7.8 - High - January 12, 2021

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2020-17123 7.8 - High - December 10, 2020

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2020-17125 7.8 - High - December 10, 2020

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Information Disclosure Vulnerability

CVE-2020-17126 5.5 - Medium - December 10, 2020

Microsoft Excel Information Disclosure Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2020-17127 7.8 - High - December 10, 2020

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2020-17128 7.8 - High - December 10, 2020

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2020-17129 7.8 - High - December 10, 2020

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Security Feature Bypass Vulnerability

CVE-2020-17130 6.5 - Medium - December 10, 2020

Microsoft Excel Security Feature Bypass Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2020-17064 7.8 - High - November 11, 2020

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2020-17065 7.8 - High - November 11, 2020

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2020-17066 7.8 - High - November 11, 2020

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Security Feature Bypass Vulnerability

CVE-2020-17067 7.8 - High - November 11, 2020

Microsoft Excel Security Feature Bypass Vulnerability

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-16929 7.8 - High - October 16, 2020

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>

Dangling pointer

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-16931 7.8 - High - October 16, 2020

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>

Use of Uninitialized Resource

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-16932 7.8 - High - October 16, 2020

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>

Use of Uninitialized Resource

<p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory

CVE-2020-1224 5.5 - Medium - September 11, 2020

<p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data.</p> <p>To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.</p> <p>The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.</p>

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-1332 7.8 - High - September 11, 2020

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-1335 7.8 - High - September 11, 2020

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-1594 7.8 - High - September 11, 2020

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-1494 8.8 - High - August 17, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-1495 8.8 - High - August 17, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-1496 8.8 - High - August 17, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory

CVE-2020-1497 5.5 - Medium - August 17, 2020

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-1498 8.8 - High - August 17, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-1504 8.8 - High - August 17, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-1225 8.8 - High - June 09, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1226.

Buffer Overflow

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-1226 8.8 - High - June 09, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1225.

Buffer Overflow

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries

CVE-2020-0760 8.8 - High - April 15, 2020

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.

Improper Input Validation

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-0906 8.8 - High - April 15, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0979.

Buffer Overflow

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-0759 8.8 - High - February 11, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

Buffer Overflow

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-0650 7.8 - High - January 14, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0651, CVE-2020-0653.

Buffer Overflow

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-0651 7.8 - High - January 14, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0653.

Buffer Overflow

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory

CVE-2020-0652 7.8 - High - January 14, 2020

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Memory Corruption Vulnerability'.

Buffer Overflow

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory

CVE-2019-1464 5.5 - Medium - December 10, 2019

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.

Information Disclosure

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory

CVE-2019-1446 5.5 - Medium - November 12, 2019

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.

Information Disclosure

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2019-1448 7.8 - High - November 12, 2019

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2019-1327 8.8 - High - October 10, 2019

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1331.

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2019-1331 8.8 - High - October 10, 2019

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327.

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory

CVE-2019-1263 5.5 - Medium - September 11, 2019

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.

Information Disclosure

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2019-1297 8.8 - High - September 11, 2019

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2019-1110 8.8 - High - July 15, 2019

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1111.

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2019-1111 8.8 - High - July 15, 2019

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1110.

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2019-0828 7.8 - High - April 09, 2019

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Office 365 Proplus or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Excel
Spreadsheet Software

subscribe