Microsoft Excel Spreadsheet Software
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Excel.
Recent Microsoft Excel Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2025-29823 | CVE-2025-29823 Microsoft Excel Remote Code Execution Vulnerability | April 8, 2025 |
| CVE-2025-27750 | CVE-2025-27750 Microsoft Excel Remote Code Execution Vulnerability | April 8, 2025 |
| CVE-2025-29791 | CVE-2025-29791 Microsoft Excel Remote Code Execution Vulnerability | April 8, 2025 |
| CVE-2025-27751 | CVE-2025-27751 Microsoft Excel Remote Code Execution Vulnerability | April 8, 2025 |
| CVE-2025-27752 | CVE-2025-27752 Microsoft Excel Remote Code Execution Vulnerability | April 8, 2025 |
| CVE-2025-24075 | CVE-2025-24075 Microsoft Excel Remote Code Execution Vulnerability | March 11, 2025 |
| CVE-2025-24081 | CVE-2025-24081 Microsoft Excel Remote Code Execution Vulnerability | March 11, 2025 |
| CVE-2025-24082 | CVE-2025-24082 Microsoft Excel Remote Code Execution Vulnerability | March 11, 2025 |
| CVE-2025-21394 | CVE-2025-21394 Microsoft Excel Remote Code Execution Vulnerability | February 11, 2025 |
| CVE-2025-21387 | CVE-2025-21387 Microsoft Excel Remote Code Execution Vulnerability | February 11, 2025 |
Known Exploited Microsoft Excel Vulnerabilities
The following Microsoft Excel vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Microsoft Excel Remote Code Execution Vulnerability |
A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory. CVE-2019-1297 Exploit Probability: 57.0% |
March 3, 2022 |
| Microsoft Office Security Feature Bypass Vulnerability |
A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands. CVE-2016-7262 Exploit Probability: 84.8% |
March 3, 2022 |
| Microsoft Excel Featheader Record Memory Corruption Vulnerability |
Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset. CVE-2009-3129 Exploit Probability: 89.0% |
March 3, 2022 |
Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. The vulnerability CVE-2019-1297: Microsoft Excel Remote Code Execution Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2025 there have been 7 vulnerabilities in Microsoft Excel with an average score of 7.6 out of ten. Last year, in 2024 Excel had 11 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Excel in 2025 could surpass last years number. Last year, the average CVE base score was greater by 0.18
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 7 | 7.56 |
| 2024 | 11 | 7.74 |
| 2023 | 8 | 7.43 |
| 2022 | 10 | 7.49 |
| 2021 | 28 | 7.47 |
| 2020 | 32 | 7.86 |
| 2019 | 11 | 7.51 |
| 2018 | 22 | 7.23 |
It may take a day or so for new Excel vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Excel Security Vulnerabilities
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21387
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21394
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21390
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21386
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Information Disclosure Vulnerability
CVE-2025-21383
5.5 - Medium
- February 11, 2025
Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds Read
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21381
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Untrusted Pointer Dereference
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21362
8.4 - High
- January 14, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Library Injection Vulnerability on macOS
CVE-2024-43106
7.1 - High
- December 18, 2024
A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
Improper Verification of Cryptographic Signature
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49069
7.8 - High
- December 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49030
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49029
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Use of Uninitialized Resource
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49028
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Out-of-bounds Read
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49027
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49026
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Command Injection
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-43504
7.8 - High
- October 08, 2024
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Elevation of Privilege Vulnerability
CVE-2024-43465
7.8 - High
- September 10, 2024
Microsoft Excel Elevation of Privilege Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-30042
7.8 - High
- May 14, 2024
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-20673
7.8 - High
- February 13, 2024
Microsoft Office Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-36041
7.8 - High
- November 14, 2023
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2023-36037
7.8 - High
- November 14, 2023
Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Excel Information Disclosure Vulnerability
CVE-2023-36766
5.5 - Medium
- September 12, 2023
Microsoft Excel Information Disclosure Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-33133
7.8 - High
- June 14, 2023
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-32029
7.8 - High
- June 14, 2023
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-24953
7.8 - High
- May 09, 2023
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-23399
7.8 - High
- March 14, 2023
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Spoofing Vulnerability
CVE-2023-23398
7.1 - High
- March 14, 2023
Microsoft Excel Spoofing Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2022-41104
5.5 - Medium
- November 09, 2022
Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-41106
8.8 - High
- November 09, 2022
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-41063
7.8 - High
- November 09, 2022
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2022-33631
7.3 - High
- August 09, 2022
Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-30173
7.8 - High
- June 15, 2022
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-29110
7.8 - High
- May 10, 2022
Microsoft Excel Remote Code Execution Vulnerability
Windows Graphics Component Remote Code Execution Vulnerability
CVE-2022-26903
7.8 - High
- April 15, 2022
Windows Graphics Component Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-26901
7.8 - High
- April 15, 2022
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Information Disclosure Vulnerability
CVE-2022-22716
5.5 - Medium
- February 09, 2022
Microsoft Excel Information Disclosure Vulnerability
Buffer Overflow
Microsoft Office Remote Code Execution Vulnerability
CVE-2022-21840
8.8 - High
- January 11, 2022
Microsoft Office Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-43256
7.8 - High
- December 15, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2021-42292
7.8 - High
- November 10, 2021
Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-40442
7.8 - High
- November 10, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-40485
7.8 - High
- October 13, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-40474
7.8 - High
- October 13, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Information Disclosure Vulnerability
CVE-2021-40472
5.5 - Medium
- October 13, 2021
Microsoft Excel Information Disclosure Vulnerability
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2021-38660
7.8 - High
- September 15, 2021
Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-38655
7.8 - High
- September 15, 2021
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-34501
7.8 - High
- July 14, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-34518
7.8 - High
- July 14, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-31939
7.8 - High
- June 08, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-31179
7.8 - High
- May 11, 2021
Microsoft Office Remote Code Execution Vulnerability
Microsoft Office Information Disclosure Vulnerability
CVE-2021-31178
5.5 - Medium
- May 11, 2021
Microsoft Office Information Disclosure Vulnerability
Integer underflow
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-31177
7.8 - High
- May 11, 2021
Microsoft Office Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Information Disclosure Vulnerability
CVE-2021-31174
5.5 - Medium
- May 11, 2021
Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds Read
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-31175
7.8 - High
- May 11, 2021
Microsoft Office Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-28451
7.8 - High
- April 13, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-28449
7.8 - High
- April 13, 2021
Microsoft Office Remote Code Execution Vulnerability
Microsoft Excel Information Disclosure Vulnerability
CVE-2021-28456
5.5 - Medium
- April 13, 2021
Microsoft Excel Information Disclosure Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-27053
7.8 - High
- March 11, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-27054
7.8 - High
- March 11, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-27057
7.8 - High
- March 11, 2021
Microsoft Office Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-24067
7.8 - High
- February 25, 2021
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-24068
7.8 - High
- February 25, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-24069
7.8 - High
- February 25, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-24070
7.8 - High
- February 25, 2021
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-1713
7.8 - High
- January 12, 2021
Microsoft Excel Remote Code Execution Vulnerability
Buffer Overflow
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-1714
7.8 - High
- January 12, 2021
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17123
7.8 - High
- December 10, 2020
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17125
7.8 - High
- December 10, 2020
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Information Disclosure Vulnerability
CVE-2020-17126
5.5 - Medium
- December 10, 2020
Microsoft Excel Information Disclosure Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17127
7.8 - High
- December 10, 2020
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17128
7.8 - High
- December 10, 2020
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17129
7.8 - High
- December 10, 2020
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2020-17130
6.5 - Medium
- December 10, 2020
Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17064
7.8 - High
- November 11, 2020
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17065
7.8 - High
- November 11, 2020
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17066
7.8 - High
- November 11, 2020
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2020-17067
7.8 - High
- November 11, 2020
Microsoft Excel Security Feature Bypass Vulnerability
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-16929
7.8 - High
- October 16, 2020
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
Dangling pointer
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-16931
7.8 - High
- October 16, 2020
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
Use of Uninitialized Resource
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-16932
7.8 - High
- October 16, 2020
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
Use of Uninitialized Resource
<p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory
CVE-2020-1224
5.5 - Medium
- September 11, 2020
<p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data.</p> <p>To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.</p> <p>The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.</p>
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1332
7.8 - High
- September 11, 2020
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1335
7.8 - High
- September 11, 2020
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1594
7.8 - High
- September 11, 2020
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1494
8.8 - High
- August 17, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1495
8.8 - High
- August 17, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1496
8.8 - High
- August 17, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory
CVE-2020-1497
5.5 - Medium
- August 17, 2020
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1498
8.8 - High
- August 17, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1504
8.8 - High
- August 17, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1225
8.8 - High
- June 09, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1226.
Buffer Overflow
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-1226
8.8 - High
- June 09, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1225.
Buffer Overflow
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries
CVE-2020-0760
8.8 - High
- April 15, 2020
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.
Improper Input Validation
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-0906
8.8 - High
- April 15, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0979.
Buffer Overflow
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-0759
8.8 - High
- February 11, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
Buffer Overflow
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-0650
7.8 - High
- January 14, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0651, CVE-2020-0653.
Buffer Overflow
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2020-0651
7.8 - High
- January 14, 2020
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0653.
Buffer Overflow
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory
CVE-2020-0652
7.8 - High
- January 14, 2020
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Memory Corruption Vulnerability'.
Buffer Overflow
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory
CVE-2019-1464
5.5 - Medium
- December 10, 2019
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
Information Disclosure
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory
CVE-2019-1446
5.5 - Medium
- November 12, 2019
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
Information Disclosure
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2019-1448
7.8 - High
- November 12, 2019
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2019-1327
8.8 - High
- October 10, 2019
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1331.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Office 365 Proplus or by Microsoft? Click the Watch button to subscribe.
