Microsoft Office
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Office.
Recent Microsoft Office Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2026-26134 | CVE-2026-26134 Microsoft Office Elevation of Privilege Vulnerability | March 10, 2026 |
| CVE-2026-26113 | CVE-2026-26113 Microsoft Office Remote Code Execution Vulnerability | March 10, 2026 |
| CVE-2026-26110 | CVE-2026-26110 Microsoft Office Remote Code Execution Vulnerability | March 10, 2026 |
| CVE-2026-21509 | CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability | January 26, 2026 |
| CVE-2026-20952 | CVE-2026-20952 Microsoft Office Remote Code Execution Vulnerability | January 13, 2026 |
| CVE-2026-20953 | CVE-2026-20953 Microsoft Office Remote Code Execution Vulnerability | January 13, 2026 |
| CVE-2026-20943 | CVE-2026-20943 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | January 13, 2026 |
| CVE-2025-64677 | CVE-2025-64677 Office Out-of-Box Experience Spoofing Vulnerability | December 19, 2025 |
| CVE-2025-62557 | CVE-2025-62557 Microsoft Office Remote Code Execution Vulnerability | December 9, 2025 |
| CVE-2025-62554 | CVE-2025-62554 Microsoft Office Remote Code Execution Vulnerability | December 9, 2025 |
Known Exploited Microsoft Office Vulnerabilities
The following Microsoft Office vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability |
Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally. CVE-2026-21514 Exploit Probability: 5.1% |
February 10, 2026 |
| Microsoft Office Security Feature Bypass Vulnerability |
Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a security feature locally. CVE-2026-21509 Exploit Probability: 9.8% |
January 26, 2026 |
| Microsoft Office PowerPoint Code Injection Vulnerability |
Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption. CVE-2009-0556 Exploit Probability: 78.2% |
January 7, 2026 |
| Microsoft Office Excel Remote Code Execution Vulnerability |
Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered as an email attachment or hosted on a malicious website. An attacker could leverage this vulnerability by creating a specially crafted Excel file, which, when opened, allowing an attacker to execute remote code on the affected system. CVE-2007-0671 Exploit Probability: 66.8% |
August 12, 2025 |
| Microsoft Office Outlook Privilege Escalation Vulnerability |
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user. CVE-2023-23397 Exploit Probability: 93.6% |
March 14, 2023 |
| Microsoft Office Security Feature Bypass Vulnerability |
Microsoft Office contains a security feature bypass vulnerability which allows for a local, authenticated attack on a targeted system. CVE-2023-21715 Exploit Probability: 0.7% |
February 14, 2023 |
| Microsoft Office Buffer Overflow Vulnerability |
Microsoft Office contains a buffer overflow vulnerability which allows remote attackers to execute code via crafted PNG data in an Office document. CVE-2013-1331 Exploit Probability: 88.9% |
June 8, 2022 |
| Microsoft Office Buffer Overflow Vulnerability |
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field. CVE-2009-0563 Exploit Probability: 79.9% |
June 8, 2022 |
| Microsoft Office Object Record Corruption Vulnerability |
Microsoft Office contains an object record corruption vulnerability which allows remote attackers to execute code via a crafted Excel file with a malformed record object. CVE-2009-0557 Exploit Probability: 86.4% |
June 8, 2022 |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution. CVE-2021-38646 Exploit Probability: 42.7% |
March 28, 2022 |
| Microsoft Office Uninitialized Memory Use Vulnerability |
Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document. CVE-2015-1770 Exploit Probability: 78.2% |
March 28, 2022 |
| Microsoft Office Remote Code Execution Vulnerability |
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. CVE-2017-11826 Exploit Probability: 90.5% |
March 3, 2022 |
| Microsoft Office Use-After-Free Vulnerability |
Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution. CVE-2017-0261 Exploit Probability: 92.9% |
March 3, 2022 |
| Microsoft Office Memory Corruption Vulnerability |
Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution. CVE-2016-7193 Exploit Probability: 71.2% |
March 3, 2022 |
| Microsoft Office Malformed EPS File Vulnerability |
Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image. CVE-2015-2545 Exploit Probability: 93.4% |
March 3, 2022 |
| Microsoft Office Memory Corruption Vulnerability |
Microsoft Office contains a memory corruption vulnerability which allows remote attackers to execute arbitrary code via a crafted document. CVE-2015-1642 Exploit Probability: 72.9% |
March 3, 2022 |
| Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability |
The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption. CVE-2012-1856 Exploit Probability: 91.9% |
March 3, 2022 |
| Microsoft Office Stack-based Buffer Overflow Vulnerability |
A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution. CVE-2010-3333 Exploit Probability: 93.8% |
March 3, 2022 |
| Microsoft Office Remote Code Execution Vulnerability |
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. CVE-2017-8570 Exploit Probability: 94.2% |
February 25, 2022 |
| Microsoft Office Remote Code Execution Vulnerability |
A remote code execution vulnerability exists in Microsoft Office. CVE-2017-0262 Exploit Probability: 65.1% |
February 10, 2022 |
Of the known exploited vulnerabilities above, 10 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 7 known exploited Microsoft Office vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Top 10 Riskiest Microsoft Office Vulnerabilities
Based on the current exploit probability, these Microsoft Office vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
| Rank | CVE | EPSS | Vulnerability |
|---|---|---|---|
| 1 | CVE-2017-11882 | 94.4% | Microsoft Office memory corruption vulnerability |
| 2 | CVE-2017-8570 | 94.2% | Microsoft Office Remote Code Execution Vulnerability |
| 3 | CVE-2018-0802 | 94.1% | Microsoft Office 2007 - 2016 Backdoor Exploitation Chain |
| 4 | CVE-2018-0798 | 94.1% | Microsoft Office 2007 - 2016 Backdoor Exploitation Chain |
| 5 | CVE-2010-3333 | 93.8% | Microsoft Office Stack-based Buffer Overflow Vulnerability |
| 6 | CVE-2023-23397 | 93.6% | Microsoft Office Outlook Privilege Escalation Vulnerability |
| 7 | CVE-2015-1641 | 93.6% | Microsoft Office Memory Corruption vulnerability |
| 8 | CVE-2015-2545 | 93.4% | Microsoft Office Malformed EPS File Vulnerability |
| 9 | CVE-2017-0261 | 92.9% | Microsoft Office Use-After-Free Vulnerability |
| 10 | CVE-2012-1856 | 91.9% | Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability |
EOL Dates
Ensure that you are using a supported version of Microsoft Office. Here are some end of life, and end of support dates for Microsoft Office.
| Release | EOL | End of Support | Status |
|---|---|---|---|
| 2024 | October 9, 2029 | October 9, 2029 |
Active
Microsoft Office 2024 will become EOL in 3 years (in 2029). |
| 2024-ltsc | October 9, 2029 | October 9, 2029 |
Active
Microsoft Office 2024-ltsc will become EOL in 3 years (in 2029). |
| 2021 | October 13, 2026 | October 13, 2026 |
EOL This Year
Microsoft Office 2021 will become EOL this year, in October 2026. |
| 2019 | October 14, 2025 | October 10, 2023 |
EOL
Microsoft Office 2019 became EOL in 2025 and supported ended in 2023 |
| 2016 | October 14, 2025 | October 13, 2020 |
EOL
Microsoft Office 2016 became EOL in 2025 and supported ended in 2020 |
| 365 | - | - |
Active
|
| 2013 | April 11, 2023 | April 10, 2018 |
EOL
Microsoft Office 2013 became EOL in 2023 and supported ended in 2018 |
| 2011-for-mac | October 10, 2017 | October 10, 2017 |
EOL
Microsoft Office 2011-for-mac became EOL in 2017 and supported ended in 2017 |
| 2010 | October 13, 2020 | October 13, 2015 |
EOL
Microsoft Office 2010 became EOL in 2020 and supported ended in 2015 |
| 2008-for-mac | April 9, 2013 | April 9, 2013 |
EOL
Microsoft Office 2008-for-mac became EOL in 2013 and supported ended in 2013 |
| 2007 | October 10, 2017 | October 9, 2012 |
EOL
Microsoft Office 2007 became EOL in 2017 and supported ended in 2012 |
By the Year
In 2026 there have been 6 vulnerabilities in Microsoft Office with an average score of 7.2 out of ten. Last year, in 2025 Office had 110 security vulnerabilities published. Right now, Office is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.48
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 6 | 7.20 |
| 2025 | 110 | 7.68 |
| 2024 | 41 | 7.71 |
| 2023 | 62 | 7.45 |
| 2022 | 47 | 7.19 |
| 2021 | 64 | 7.50 |
| 2020 | 71 | 7.45 |
| 2019 | 59 | 7.52 |
| 2018 | 79 | 7.33 |
It may take a day or so for new Office vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Office Security Vulnerabilities
Mar 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-26110
8.4 - High
- March 10, 2026
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Object Type Confusion
Mar 2026: Microsoft Office Elevation of Privilege Vulnerability
CVE-2026-26134
7.8 - High
- March 10, 2026
Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.
Integer Overflow or Wraparound
Mar 2026: Windows Graphics Component Information Disclosure Vulnerability
CVE-2026-25180
5.5 - Medium
- March 10, 2026
Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.
Out-of-bounds Read
Mar 2026: Win32k Elevation of Privilege Vulnerability
CVE-2026-24285
7 - High
- March 10, 2026
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
Dangling pointer
Feb 2026: GDI+ Denial of Service Vulnerability
CVE-2026-20846
7.5 - High
- February 10, 2026
Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.
Buffer Over-read
Jan 2026: Microsoft Office Click-To-Run Remote Code Execution Vulnerability
CVE-2026-20943
7 - High
- January 13, 2026
Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.
Untrusted Path
Dec 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62557
8.4 - High
- December 09, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Dec 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62554
8.4 - High
- December 09, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Object Type Confusion
MS Office DoS via Office Service (CVE-2025-66334)
CVE-2025-66334
3.3 - Low
- December 08, 2025
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Download of Code Without Integrity Check
MS Office Service DoS via Office Service Vulnerability
CVE-2025-66331
3.3 - Low
- December 08, 2025
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Download of Code Without Integrity Check
MS Office DoS via Office Service
CVE-2025-64313
5.3 - Medium
- November 28, 2025
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Race Condition
Nov 2025: GDI+ Remote Code Execution Vulnerability
CVE-2025-60724
9.8 - Critical
- November 11, 2025
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Nov 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62199
7.8 - High
- November 11, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Oct 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-59227
7.8 - High
- October 14, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Oct 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-59234
7.8 - High
- October 14, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
MS Office DoS via Office Service Vulnerability
CVE-2025-58291
3.3 - Low
- October 11, 2025
Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.
Path Traversal: '\..\filename'
Microsoft Office Service UAF Vulnerability (Service Confidentiality Impact)
CVE-2025-58287
7.8 - High
- October 11, 2025
Use After Free (UAF) vulnerability in the office service. Successful exploitation of this vulnerability may affect service confidentiality.
Permission Issues
Sep 2025: Windows Imaging Component Information Disclosure Vulnerability
CVE-2025-53799
5.5 - Medium
- September 09, 2025
Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
Use of Uninitialized Resource
Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53735
7.8 - High
- August 12, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Aug 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-53740
8.4 - High
- August 12, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Aug 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-53732
7.8 - High
- August 12, 2025
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Aug 2025: GDI+ Remote Code Execution Vulnerability
CVE-2025-53766
9.8 - Critical
- August 12, 2025
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Aug 2025: Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2025-53761
7.8 - High
- August 12, 2025
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
Dangling pointer
Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53759
7.8 - High
- August 12, 2025
Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Use of Uninitialized Resource
Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53741
7.8 - High
- August 12, 2025
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53739
7.8 - High
- August 12, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Object Type Confusion
Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53737
7.8 - High
- August 12, 2025
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Aug 2025: Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-53734
7.8 - High
- August 12, 2025
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
Dangling pointer
Aug 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-53731
8.4 - High
- August 12, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Aug 2025: Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-53730
7.8 - High
- August 12, 2025
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
Dangling pointer
Aug 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-53738
7.8 - High
- August 12, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Aug 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-53733
8.4 - High
- August 12, 2025
Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Incorrect Conversion between Numeric Types
Aug 2025: Microsoft Word Information Disclosure Vulnerability
CVE-2025-53736
6.8 - Medium
- August 12, 2025
Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Buffer Over-read
Jul 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49697
8.4 - High
- July 08, 2025
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Jul 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-49711
7.8 - High
- July 08, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Jul 2025: Microsoft Office Elevation of Privilege Vulnerability
CVE-2025-47994
7.8 - High
- July 08, 2025
Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.
Marshaling, Unmarshaling
Jul 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-49700
7.8 - High
- July 08, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Jul 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49699
7 - High
- July 08, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Jul 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-49698
7.8 - High
- July 08, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Jul 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49696
8.4 - High
- July 08, 2025
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
Out-of-bounds Read
Jul 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49695
8.4 - High
- July 08, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Jul 2025: Microsoft Excel Information Disclosure Vulnerability
CVE-2025-48812
5.5 - Medium
- July 08, 2025
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Out-of-bounds Read
Jul 2025: Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2025-49705
7.8 - High
- July 08, 2025
Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Jul 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-49703
7.8 - High
- July 08, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Jul 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49702
7.8 - High
- July 08, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Object Type Confusion
Jun 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47953
8.4 - High
- June 10, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Improper Restriction of Names for Files and Other Resources
Jun 2025: Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-47171
6.7 - Medium
- June 10, 2025
Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.
Improper Input Validation
Jun 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-47169
7.8 - High
- June 10, 2025
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Jun 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47173
7.8 - High
- June 10, 2025
Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.
Improper Restriction of Names for Files and Other Resources
Jun 2025: Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2025-47175
7.8 - High
- June 10, 2025
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
Dangling pointer
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Office or by Microsoft? Click the Watch button to subscribe.
