Microsoft Office
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Office.
Recent Microsoft Office Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2026-20952 | CVE-2026-20952 Microsoft Office Remote Code Execution Vulnerability | January 13, 2026 |
| CVE-2026-20953 | CVE-2026-20953 Microsoft Office Remote Code Execution Vulnerability | January 13, 2026 |
| CVE-2026-20943 | CVE-2026-20943 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | January 13, 2026 |
| CVE-2025-64677 | CVE-2025-64677 Office Out-of-Box Experience Spoofing Vulnerability | December 19, 2025 |
| CVE-2025-62557 | CVE-2025-62557 Microsoft Office Remote Code Execution Vulnerability | December 9, 2025 |
| CVE-2025-62554 | CVE-2025-62554 Microsoft Office Remote Code Execution Vulnerability | December 9, 2025 |
| CVE-2025-62205 | CVE-2025-62205 Microsoft Office Remote Code Execution Vulnerability | November 11, 2025 |
| CVE-2025-62216 | CVE-2025-62216 Microsoft Office Remote Code Execution Vulnerability | November 11, 2025 |
| CVE-2025-62199 | CVE-2025-62199 Microsoft Office Remote Code Execution Vulnerability | November 11, 2025 |
| CVE-2025-59229 | CVE-2025-59229 Microsoft Office Denial of Service Vulnerability | October 14, 2025 |
Known Exploited Microsoft Office Vulnerabilities
The following Microsoft Office vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Microsoft Office PowerPoint Code Injection Vulnerability |
Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption. CVE-2009-0556 Exploit Probability: 76.8% |
January 7, 2026 |
| Microsoft Office Excel Remote Code Execution Vulnerability |
Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered as an email attachment or hosted on a malicious website. An attacker could leverage this vulnerability by creating a specially crafted Excel file, which, when opened, allowing an attacker to execute remote code on the affected system. CVE-2007-0671 Exploit Probability: 65.2% |
August 12, 2025 |
| Microsoft Office Outlook Privilege Escalation Vulnerability |
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user. CVE-2023-23397 Exploit Probability: 93.6% |
March 14, 2023 |
| Microsoft Office Security Feature Bypass Vulnerability |
Microsoft Office contains a security feature bypass vulnerability which allows for a local, authenticated attack on a targeted system. CVE-2023-21715 Exploit Probability: 1.0% |
February 14, 2023 |
| Microsoft Office Object Record Corruption Vulnerability |
Microsoft Office contains an object record corruption vulnerability which allows remote attackers to execute code via a crafted Excel file with a malformed record object. CVE-2009-0557 Exploit Probability: 83.8% |
June 8, 2022 |
| Microsoft Office Buffer Overflow Vulnerability |
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field. CVE-2009-0563 Exploit Probability: 80.9% |
June 8, 2022 |
| Microsoft Office Buffer Overflow Vulnerability |
Microsoft Office contains a buffer overflow vulnerability which allows remote attackers to execute code via crafted PNG data in an Office document. CVE-2013-1331 Exploit Probability: 85.8% |
June 8, 2022 |
| Microsoft Office Uninitialized Memory Use Vulnerability |
Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document. CVE-2015-1770 Exploit Probability: 78.2% |
March 28, 2022 |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution. CVE-2021-38646 Exploit Probability: 36.3% |
March 28, 2022 |
| Microsoft Office Memory Corruption Vulnerability |
Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution. CVE-2016-7193 Exploit Probability: 71.2% |
March 3, 2022 |
| Microsoft Office Stack-based Buffer Overflow Vulnerability |
A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution. CVE-2010-3333 Exploit Probability: 93.8% |
March 3, 2022 |
| Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability |
The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption. CVE-2012-1856 Exploit Probability: 91.9% |
March 3, 2022 |
| Microsoft Office Memory Corruption Vulnerability |
Microsoft Office contains a memory corruption vulnerability which allows remote attackers to execute arbitrary code via a crafted document. CVE-2015-1642 Exploit Probability: 72.9% |
March 3, 2022 |
| Microsoft Office Malformed EPS File Vulnerability |
Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image. CVE-2015-2545 Exploit Probability: 93.4% |
March 3, 2022 |
| Microsoft Office Use-After-Free Vulnerability |
Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution. CVE-2017-0261 Exploit Probability: 92.9% |
March 3, 2022 |
| Microsoft Office Remote Code Execution Vulnerability |
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. CVE-2017-11826 Exploit Probability: 90.5% |
March 3, 2022 |
| Microsoft Office Remote Code Execution Vulnerability |
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. CVE-2017-8570 Exploit Probability: 94.2% |
February 25, 2022 |
| Microsoft Office Remote Code Execution Vulnerability |
A remote code execution vulnerability exists in Microsoft Office. CVE-2017-0262 Exploit Probability: 64.9% |
February 10, 2022 |
| Microsoft Excel Security Feature Bypass |
A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution. CVE-2021-42292 Exploit Probability: 19.1% |
November 17, 2021 |
| Microsoft Office Memory Corruption vulnerability |
Allows remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability." CVE-2015-1641 Exploit Probability: 93.6% |
November 3, 2021 |
Of the known exploited vulnerabilities above, 11 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 8 known exploited Microsoft Office vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Top 10 Riskiest Microsoft Office Vulnerabilities
Based on the current exploit probability, these Microsoft Office vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
| Rank | CVE | EPSS | Vulnerability |
|---|---|---|---|
| 1 | CVE-2017-11882 | 94.4% | Microsoft Office memory corruption vulnerability |
| 2 | CVE-2017-8570 | 94.2% | Microsoft Office Remote Code Execution Vulnerability |
| 3 | CVE-2018-0802 | 94.1% | Microsoft Office 2007 - 2016 Backdoor Exploitation Chain |
| 4 | CVE-2018-0798 | 94.1% | Microsoft Office 2007 - 2016 Backdoor Exploitation Chain |
| 5 | CVE-2010-3333 | 93.8% | Microsoft Office Stack-based Buffer Overflow Vulnerability |
| 6 | CVE-2023-23397 | 93.6% | Microsoft Office Outlook Privilege Escalation Vulnerability |
| 7 | CVE-2015-1641 | 93.6% | Microsoft Office Memory Corruption vulnerability |
| 8 | CVE-2015-2545 | 93.4% | Microsoft Office Malformed EPS File Vulnerability |
| 9 | CVE-2017-0261 | 92.9% | Microsoft Office Use-After-Free Vulnerability |
| 10 | CVE-2012-1856 | 91.9% | Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability |
EOL Dates
Ensure that you are using a supported version of Microsoft Office. Here are some end of life, and end of support dates for Microsoft Office.
| Release | EOL | End of Support | Status |
|---|---|---|---|
| 2024 | October 9, 2029 | October 9, 2029 |
Active
Microsoft Office 2024 will become EOL in 3 years (in 2029). |
| 2024-ltsc | October 9, 2029 | October 9, 2029 |
Active
Microsoft Office 2024-ltsc will become EOL in 3 years (in 2029). |
| 2021 | October 13, 2026 | October 13, 2026 |
EOL This Year
Microsoft Office 2021 will become EOL this year, in October 2026. |
| 2019 | October 14, 2025 | October 10, 2023 |
EOL
Microsoft Office 2019 became EOL in 2025 and supported ended in 2023 |
| 2016 | October 14, 2025 | October 13, 2020 |
EOL
Microsoft Office 2016 became EOL in 2025 and supported ended in 2020 |
| 365 | - | - |
Active
|
| 2013 | April 11, 2023 | April 10, 2018 |
EOL
Microsoft Office 2013 became EOL in 2023 and supported ended in 2018 |
| 2011-for-mac | October 10, 2017 | October 10, 2017 |
EOL
Microsoft Office 2011-for-mac became EOL in 2017 and supported ended in 2017 |
| 2010 | October 13, 2020 | October 13, 2015 |
EOL
Microsoft Office 2010 became EOL in 2020 and supported ended in 2015 |
| 2008-for-mac | April 9, 2013 | April 9, 2013 |
EOL
Microsoft Office 2008-for-mac became EOL in 2013 and supported ended in 2013 |
| 2007 | October 10, 2017 | October 9, 2012 |
EOL
Microsoft Office 2007 became EOL in 2017 and supported ended in 2012 |
By the Year
In 2026 there have been 1 vulnerability in Microsoft Office with an average score of 7.0 out of ten. Last year, in 2025 Office had 110 security vulnerabilities published. Right now, Office is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.67
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 7.00 |
| 2025 | 110 | 7.67 |
| 2024 | 41 | 7.71 |
| 2023 | 62 | 7.45 |
| 2022 | 47 | 7.19 |
| 2021 | 64 | 7.50 |
| 2020 | 71 | 7.44 |
| 2019 | 58 | 7.37 |
| 2018 | 76 | 7.53 |
It may take a day or so for new Office vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Office Security Vulnerabilities
Jan 2026: Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2026-20943
7 - High
- January 13, 2026
Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.
Untrusted Path
Dec 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62557
8.4 - High
- December 09, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Dec 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62554
8.4 - High
- December 09, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Object Type Confusion
MS Office DoS via Office Service (CVE-2025-66334)
CVE-2025-66334
3.3 - Low
- December 08, 2025
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Download of Code Without Integrity Check
MS Office Service DoS via Office Service Vulnerability
CVE-2025-66331
3.3 - Low
- December 08, 2025
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Download of Code Without Integrity Check
MS Office DoS via Office Service
CVE-2025-64313
5.3 - Medium
- November 28, 2025
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Race Condition
Nov 2025: GDI+ Remote Code Execution Vulnerability
CVE-2025-60724
9.8 - Critical
- November 11, 2025
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Nov 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62199
7.8 - High
- November 11, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Oct 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-59227
7.8 - High
- October 14, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Oct 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-59234
7.8 - High
- October 14, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
MS Office DoS via Office Service Vulnerability
CVE-2025-58291
3.3 - Low
- October 11, 2025
Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.
Path Traversal: '\..\filename'
Microsoft Office Service UAF Vulnerability (Service Confidentiality Impact)
CVE-2025-58287
7.8 - High
- October 11, 2025
Use After Free (UAF) vulnerability in the office service. Successful exploitation of this vulnerability may affect service confidentiality.
Permission Issues
Sep 2025: Windows Imaging Component Information Disclosure Vulnerability
CVE-2025-53799
5.5 - Medium
- September 09, 2025
Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
Use of Uninitialized Resource
Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53739
7.8 - High
- August 12, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Object Type Confusion
Aug 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-53740
8.4 - High
- August 12, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Aug 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-53732
7.8 - High
- August 12, 2025
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Aug 2025: GDI+ Remote Code Execution Vulnerability
CVE-2025-53766
9.8 - Critical
- August 12, 2025
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Aug 2025: Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2025-53761
7.8 - High
- August 12, 2025
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
Dangling pointer
Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53759
7.8 - High
- August 12, 2025
Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Use of Uninitialized Resource
Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53741
7.8 - High
- August 12, 2025
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53737
7.8 - High
- August 12, 2025
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Aug 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-53735
7.8 - High
- August 12, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Aug 2025: Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-53734
7.8 - High
- August 12, 2025
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
Dangling pointer
Aug 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-53731
8.4 - High
- August 12, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Aug 2025: Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-53730
7.8 - High
- August 12, 2025
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
Dangling pointer
Aug 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-53738
7.8 - High
- August 12, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Aug 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-53733
8.4 - High
- August 12, 2025
Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Incorrect Conversion between Numeric Types
Aug 2025: Microsoft Word Information Disclosure Vulnerability
CVE-2025-53736
6.8 - Medium
- August 12, 2025
Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Buffer Over-read
Microsoft Office local code exec via Heap-based buffer overflow
CVE-2025-49697
8.4 - High
- July 08, 2025
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Useafterfree in MS Excel permits local code execution
CVE-2025-49711
7.8 - High
- July 08, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Office XML Deserialization Allows Local Privilege Escalation
CVE-2025-47994
8.6 - High
- July 08, 2025
Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.
Marshaling, Unmarshaling
Microsoft Office Word Use-After-Free Enables Local Code Execution
CVE-2025-49700
7.8 - High
- July 08, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Microsoft Office UAF: Code Execution via Local Use-After-Free
CVE-2025-49699
7 - High
- July 08, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Use-after-Free in MS Office Word Allows Local Code Exec
CVE-2025-49698
7.8 - High
- July 08, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Out-of-Bounds Read in Microsoft Office Enables Local Code Exec
CVE-2025-49696
8.4 - High
- July 08, 2025
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
Out-of-bounds Read
UAF in Microsoft Office – Local Code Execution
CVE-2025-49695
8.4 - High
- July 08, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Excel OOB Read Allows Local Info Disclosure
CVE-2025-48812
5.5 - Medium
- July 08, 2025
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Out-of-bounds Read
Heap Buffer Overflow in MS Office PowerPoint Enables Local Code Exec
CVE-2025-49705
7.8 - High
- July 08, 2025
Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
UA-FREE: Local Code Exec via Use-After-Free in Microsoft Office Word
CVE-2025-49703
7.8 - High
- July 08, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
MS Office Type Confusion (CVE-2025-49702) Enables Local Code Exec
CVE-2025-49702
7.8 - High
- July 08, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Object Type Confusion
Use-after-free in Microsoft Office Enables Local Code Exec
CVE-2025-47953
8.4 - High
- June 10, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Improper Restriction of Names for Files and Other Resources
Office Word Heap Overflow Allows Local Code Exec
CVE-2025-47169
7.8 - High
- June 10, 2025
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
UEF in MS Office PPT allows local code exec
CVE-2025-47175
7.8 - High
- June 10, 2025
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
Dangling pointer
MS Office Improper Input Validation Enables Local Code Exec
CVE-2025-47173
7.8 - High
- June 10, 2025
Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.
Improper Restriction of Names for Files and Other Resources
Microsoft Outlook: Improper IV allows authorized exec
CVE-2025-47171
6.7 - Medium
- June 10, 2025
Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.
Improper Input Validation
Use-after-free in Microsoft Office Excel Enables Local Code Exec
CVE-2025-47165
7.8 - High
- June 10, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Heap Overflow in MS Office Enables Local Code Exec
CVE-2025-47162
8.4 - High
- June 10, 2025
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Microsoft Office Use-After-Free LPE
CVE-2025-47164
8.4 - High
- June 10, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Local Code Exec via '..//...' in Outlook (CVE-2025-47176)
CVE-2025-47176
7.8 - High
- June 10, 2025
'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.
Type Confusion in Microsoft Office Enabling Local Code Execution
CVE-2025-47167
8.4 - High
- June 10, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Object Type Confusion
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Office or by Microsoft? Click the Watch button to subscribe.
