Microsoft Office 2016
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Office 2016.
By the Year
In 2026 there have been 4 vulnerabilities in Microsoft Office 2016 with an average score of 7.9 out of ten. Last year, in 2025 Office 2016 had 38 security vulnerabilities published. Right now, Office 2016 is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.08
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 4 | 7.90 |
| 2025 | 38 | 7.98 |
| 2024 | 2 | 7.65 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 7.80 |
It may take a day or so for new Office 2016 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Office 2016 Security Vulnerabilities
Jan 2026: Microsoft Office Security Feature Bypass Vulnerability
CVE-2026-21509
7.8 - High
- January 26, 2026
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
Reliance on Untrusted Inputs in a Security Decision
Jan 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-20952
8.4 - High
- January 13, 2026
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Jan 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-20953
8.4 - High
- January 13, 2026
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Jan 2026: Microsoft Office Click-To-Run Remote Code Execution Vulnerability
CVE-2026-20943
7 - High
- January 13, 2026
Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.
Untrusted Path
Dec 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62557
8.4 - High
- December 09, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Dec 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62554
8.4 - High
- December 09, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Object Type Confusion
Nov 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62199
7.8 - High
- November 11, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Oct 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-59227
7.8 - High
- October 14, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Oct 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-59234
7.8 - High
- October 14, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Sep 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-54910
8.4 - High
- September 09, 2025
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Sep 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-54906
7.8 - High
- September 09, 2025
Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Aug 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-53740
8.4 - High
- August 12, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Aug 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-53731
8.4 - High
- August 12, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Jul 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49697
8.4 - High
- July 08, 2025
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Jul 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49696
8.4 - High
- July 08, 2025
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
Out-of-bounds Read
Jul 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49695
8.4 - High
- July 08, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Jul 2025: Microsoft Office Elevation of Privilege Vulnerability
CVE-2025-47994
7.8 - High
- July 08, 2025
Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.
Marshaling, Unmarshaling
Jul 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49702
7.8 - High
- July 08, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Object Type Confusion
Jun 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47953
8.4 - High
- June 10, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Improper Restriction of Names for Files and Other Resources
Jun 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47173
7.8 - High
- June 10, 2025
Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.
Improper Restriction of Names for Files and Other Resources
Jun 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47167
8.4 - High
- June 10, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Object Type Confusion
Jun 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47164
8.4 - High
- June 10, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Jun 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47162
8.4 - High
- June 10, 2025
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
May 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-30386
8.4 - High
- May 13, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
May 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-30377
8.4 - High
- May 13, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
May 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-29979
7.8 - High
- May 13, 2025
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Apr 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-27745
7.8 - High
- April 08, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Apr 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-29820
7.8 - High
- April 08, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Apr 2025: Microsoft Word Security Feature Bypass Vulnerability
CVE-2025-29816
7.5 - High
- April 08, 2025
Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.
Acceptance of Extraneous Untrusted Data With Trusted Data
Apr 2025: Microsoft Office Elevation of Privilege Vulnerability
CVE-2025-29792
7.3 - High
- April 08, 2025
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
Dangling pointer
Apr 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-29791
7.8 - High
- April 08, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Object Type Confusion
Apr 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-27752
7.8 - High
- April 08, 2025
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Apr 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-27749
7.8 - High
- April 08, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Apr 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-27748
7.8 - High
- April 08, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Apr 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-27746
7.8 - High
- April 08, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Apr 2025: Microsoft Office Elevation of Privilege Vulnerability
CVE-2025-27744
7.8 - High
- April 08, 2025
Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.
Authorization
Apr 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-26642
7.8 - High
- April 08, 2025
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
Out-of-bounds Read
Mar 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-24083
7.8 - High
- March 11, 2025
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
Untrusted Pointer Dereference
Mar 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-24080
7.8 - High
- March 11, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Mar 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-24057
7.8 - High
- March 11, 2025
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Feb 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21392
7.8 - High
- February 11, 2025
Microsoft Office Remote Code Execution Vulnerability
Dangling pointer
Jan 2025: Microsoft Office Security Feature Bypass Vulnerability
CVE-2025-21346
7.1 - High
- January 14, 2025
Microsoft Office Security Feature Bypass Vulnerability
Protection Mechanism Failure
Jun 2024: Microsoft Office Remote Code Execution Vulnerability
CVE-2024-30104
7.8 - High
- June 11, 2024
Microsoft Office Remote Code Execution Vulnerability
insecure temporary file
Jun 2024: Microsoft Office Remote Code Execution Vulnerability
CVE-2024-30101
7.5 - High
- June 11, 2024
Microsoft Office Remote Code Execution Vulnerability
Dangling pointer
Dec 2020: Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17128
7.8 - High
- December 10, 2020
Microsoft Excel Remote Code Execution Vulnerability
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Office 2016 or by Microsoft? Click the Watch button to subscribe.
