Office 365 Microsoft Office 365

stack.watch can notify you when security vulnerabilities are reported in Microsoft Office 365. You can add multiple products that you use with Office 365 to create your own personal software stack watcher.

By the Year

In 2020 there have been 0 vulnerabilities in Microsoft Office 365 . Last year Office 365 had 4 security vulnerabilities published. Right now, Office 365 is on track to have less security vulerabilities in 2020 than it did last year.

Year Vulnerabilities Average Score
2020 0 0.00
2019 4 6.97
2018 1 7.80

It may take a day or so for new Office 365 vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Microsoft Office 365 Security Vulnerabilities

An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory

CVE-2019-1402 5.5 - Medium - November 12, 2019

An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'.

CVE-2019-1402 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory

CVE-2019-1446 5.5 - Medium - November 12, 2019

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.

CVE-2019-1446 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way

CVE-2019-1109 9.1 - Critical - July 15, 2019

A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages., aka 'Microsoft Office Spoofing Vulnerability'.

CVE-2019-1109 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Improper Input Validation

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory

CVE-2019-0945 7.8 - High - May 16, 2019

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0946, CVE-2019-0947.

CVE-2019-0945 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Data Handling

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2018-8597 7.8 - High - December 12, 2018

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8636.

CVE-2018-8597 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.