Microsoft Office
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Office.
Recent Microsoft Office Security Advisories
Advisory | Title | Published |
---|---|---|
CVE-2025-47173 | CVE-2025-47173 Microsoft Office Remote Code Execution Vulnerability | June 10, 2025 |
CVE-2025-47167 | CVE-2025-47167 Microsoft Office Remote Code Execution Vulnerability | June 10, 2025 |
CVE-2025-47164 | CVE-2025-47164 Microsoft Office Remote Code Execution Vulnerability | June 10, 2025 |
CVE-2025-47953 | CVE-2025-47953 Microsoft Office Remote Code Execution Vulnerability | June 10, 2025 |
CVE-2025-47162 | CVE-2025-47162 Microsoft Office Remote Code Execution Vulnerability | June 10, 2025 |
CVE-2025-30386 | CVE-2025-30386 Microsoft Office Remote Code Execution Vulnerability | May 13, 2025 |
CVE-2025-30377 | CVE-2025-30377 Microsoft Office Remote Code Execution Vulnerability | May 13, 2025 |
CVE-2025-26642 | CVE-2025-26642 Microsoft Office Remote Code Execution Vulnerability | April 8, 2025 |
CVE-2025-29792 | CVE-2025-29792 Microsoft Office Elevation of Privilege Vulnerability | April 8, 2025 |
CVE-2025-27749 | CVE-2025-27749 Microsoft Office Remote Code Execution Vulnerability | April 8, 2025 |
Known Exploited Microsoft Office Vulnerabilities
The following Microsoft Office vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Microsoft Office Outlook Privilege Escalation Vulnerability |
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user. CVE-2023-23397 Exploit Probability: 93.5% |
March 14, 2023 |
Microsoft Office Security Feature Bypass Vulnerability |
Microsoft Office contains a security feature bypass vulnerability which allows for a local, authenticated attack on a targeted system. CVE-2023-21715 Exploit Probability: 0.4% |
February 14, 2023 |
Microsoft Office Object Record Corruption Vulnerability |
Microsoft Office contains an object record corruption vulnerability which allows remote attackers to execute code via a crafted Excel file with a malformed record object. CVE-2009-0557 Exploit Probability: 83.0% |
June 8, 2022 |
Microsoft Office Buffer Overflow Vulnerability |
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field. CVE-2009-0563 Exploit Probability: 77.9% |
June 8, 2022 |
Microsoft Office Buffer Overflow Vulnerability |
Microsoft Office contains a buffer overflow vulnerability which allows remote attackers to execute code via crafted PNG data in an Office document. CVE-2013-1331 Exploit Probability: 85.8% |
June 8, 2022 |
Microsoft Office Uninitialized Memory Use Vulnerability |
Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document. CVE-2015-1770 Exploit Probability: 73.2% |
March 28, 2022 |
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution. CVE-2021-38646 Exploit Probability: 66.3% |
March 28, 2022 |
Microsoft Office Memory Corruption Vulnerability |
Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution. CVE-2016-7193 Exploit Probability: 78.4% |
March 3, 2022 |
Microsoft Office Stack-based Buffer Overflow Vulnerability |
A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution. CVE-2010-3333 Exploit Probability: 94.0% |
March 3, 2022 |
Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability |
The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption. CVE-2012-1856 Exploit Probability: 92.4% |
March 3, 2022 |
Microsoft Office Memory Corruption Vulnerability |
Microsoft Office contains a memory corruption vulnerability which allows remote attackers to execute arbitrary code via a crafted document. CVE-2015-1642 Exploit Probability: 64.7% |
March 3, 2022 |
Microsoft Office Malformed EPS File Vulnerability |
Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image. CVE-2015-2545 Exploit Probability: 93.3% |
March 3, 2022 |
Microsoft Office Use-After-Free Vulnerability |
Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution. CVE-2017-0261 Exploit Probability: 93.0% |
March 3, 2022 |
Microsoft Office Remote Code Execution Vulnerability |
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. CVE-2017-11826 Exploit Probability: 89.7% |
March 3, 2022 |
Microsoft Office Remote Code Execution Vulnerability |
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. CVE-2017-8570 Exploit Probability: 94.2% |
February 25, 2022 |
Microsoft Office Remote Code Execution Vulnerability |
A remote code execution vulnerability exists in Microsoft Office. CVE-2017-0262 Exploit Probability: 64.7% |
February 10, 2022 |
Microsoft Excel Security Feature Bypass |
A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution. CVE-2021-42292 Exploit Probability: 17.9% |
November 17, 2021 |
Microsoft Office 2007 - 2016 Backdoor Exploitation Chain |
Allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". CVE-2018-0798 Exploit Probability: 94.2% |
November 3, 2021 |
Microsoft Office memory corruption vulnerability |
Allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884. CVE-2017-11882 Exploit Probability: 94.4% |
November 3, 2021 |
Microsoft Office Memory Corruption vulnerability |
Allows remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability." CVE-2015-1641 Exploit Probability: 93.5% |
November 3, 2021 |
Of the known exploited vulnerabilities above, 12 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 6 known exploited Microsoft Office vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Top 10 Riskiest Microsoft Office Vulnerabilities
Based on the current exploit probability, these Microsoft Office vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
Rank | CVE | EPSS | Vulnerability |
---|---|---|---|
1 | CVE-2017-11882 | 94.4% | Microsoft Office memory corruption vulnerability |
2 | CVE-2017-8570 | 94.2% | Microsoft Office Remote Code Execution Vulnerability |
3 | CVE-2018-0798 | 94.2% | Microsoft Office 2007 - 2016 Backdoor Exploitation Chain |
4 | CVE-2018-0802 | 94.1% | Microsoft Office 2007 - 2016 Backdoor Exploitation Chain |
5 | CVE-2010-3333 | 94.0% | Microsoft Office Stack-based Buffer Overflow Vulnerability |
6 | CVE-2023-23397 | 93.5% | Microsoft Office Outlook Privilege Escalation Vulnerability |
7 | CVE-2015-1641 | 93.5% | Microsoft Office Memory Corruption vulnerability |
8 | CVE-2015-2545 | 93.3% | Microsoft Office Malformed EPS File Vulnerability |
9 | CVE-2017-0261 | 93.0% | Microsoft Office Use-After-Free Vulnerability |
10 | CVE-2012-1856 | 92.4% | Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability |
EOL Dates
Ensure that you are using a supported version of Microsoft Office. Here are some end of life, and end of support dates for Microsoft Office.
Release | EOL | End of Support | Status |
---|---|---|---|
2024 | October 9, 2029 | October 9, 2029 |
Active
Microsoft Office 2024 will become EOL in 4 years (in 2029). |
2024-ltsc | October 9, 2029 | October 9, 2029 |
Active
Microsoft Office 2024-ltsc will become EOL in 4 years (in 2029). |
2021 | October 13, 2026 | October 13, 2026 |
Active
Microsoft Office 2021 will become EOL next year, in October 2026. |
2019 | October 14, 2025 | October 10, 2023 |
EOL This Year
Microsoft Office 2019 will become EOL this year, in October 2025. |
2016 | October 14, 2025 | October 13, 2020 |
EOL This Year
Microsoft Office 2016 will become EOL this year, in October 2025. |
365 | - | - |
Active
|
2013 | April 11, 2023 | April 10, 2018 |
EOL
Microsoft Office 2013 became EOL in 2023 and supported ended in 2018 |
2011-for-mac | October 10, 2017 | October 10, 2017 |
EOL
Microsoft Office 2011-for-mac became EOL in 2017 and supported ended in 2017 |
2010 | October 13, 2020 | October 13, 2015 |
EOL
Microsoft Office 2010 became EOL in 2020 and supported ended in 2015 |
2008-for-mac | April 9, 2013 | April 9, 2013 |
EOL
Microsoft Office 2008-for-mac became EOL in 2013 and supported ended in 2013 |
2007 | October 10, 2017 | October 9, 2012 |
EOL
Microsoft Office 2007 became EOL in 2017 and supported ended in 2012 |
By the Year
In 2025 there have been 44 vulnerabilities in Microsoft Office with an average score of 7.7 out of ten. Last year, in 2024 Office had 39 security vulnerabilities published. That is, 5 more vulnerabilities have already been reported in 2025 as compared to last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.00.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 44 | 7.72 |
2024 | 39 | 7.72 |
2023 | 60 | 7.46 |
2022 | 42 | 7.12 |
2021 | 64 | 7.50 |
2020 | 71 | 7.44 |
2019 | 58 | 7.37 |
2018 | 76 | 7.53 |
It may take a day or so for new Office vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Office Security Vulnerabilities
'.../...//' in Microsoft Office Outlook allows an authorized
CVE-2025-47176
7.8 - High
- June 10, 2025
'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel
CVE-2025-30383
7.8 - High
- May 13, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Object Type Confusion
Use after free in Microsoft Office
CVE-2025-30386
7.8 - High
- May 13, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Heap-based buffer overflow in Windows Win32K - GRFX
CVE-2025-30388
7.8 - High
- May 13, 2025
Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
Memory Corruption
Buffer over-read in Microsoft Office Excel
CVE-2025-32704
7.8 - High
- May 13, 2025
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Out-of-bounds Read
Heap-based buffer overflow in Microsoft Office Excel
CVE-2025-30376
7.8 - High
- May 13, 2025
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Memory Corruption
Use after free in Microsoft Office
CVE-2025-30377
7.8 - High
- May 13, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Release of invalid pointer or reference in Microsoft Office Excel
CVE-2025-30379
7.8 - High
- May 13, 2025
Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Release of Invalid Pointer or Reference
Out-of-bounds read in Microsoft Office Excel
CVE-2025-30381
7.8 - High
- May 13, 2025
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Out-of-bounds Read
Use after free in Microsoft Office Excel
CVE-2025-29977
7.8 - High
- May 13, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Heap-based buffer overflow in Microsoft Office Excel
CVE-2025-29979
7.8 - High
- May 13, 2025
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Memory Corruption
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel
CVE-2025-30375
7.8 - High
- May 13, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Object Type Confusion
Use after free in Microsoft Office Access
CVE-2025-26630
7.8 - High
- March 11, 2025
Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.
Dangling pointer
Heap-based buffer overflow in Microsoft Office
CVE-2025-24057
7.8 - High
- March 11, 2025
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Stack-based buffer overflow in Microsoft Office Excel
CVE-2025-24075
7.8 - High
- March 11, 2025
Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Stack Overflow
Use after free in Microsoft Office Word
CVE-2025-24078
7 - High
- March 11, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Use after free in Microsoft Office Word
CVE-2025-24079
7.8 - High
- March 11, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Use after free in Microsoft Office
CVE-2025-24080
7.8 - High
- March 11, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Use after free in Microsoft Office Excel
CVE-2025-24081
7.8 - High
- March 11, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Use after free in Microsoft Office Excel
CVE-2025-24082
7.8 - High
- March 11, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Untrusted pointer dereference in Microsoft Office
CVE-2025-24083
7.8 - High
- March 11, 2025
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
Untrusted Pointer Dereference
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21394
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21397
7.8 - High
- February 11, 2025
Microsoft Office Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21387
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21390
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Excel Information Disclosure Vulnerability
CVE-2025-21383
5.5 - Medium
- February 11, 2025
Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds Read
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21381
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Untrusted Pointer Dereference
Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21392
7.8 - High
- February 11, 2025
Microsoft Office Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21386
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Office OneNote Remote Code Execution Vulnerability
CVE-2025-21402
7.8 - High
- January 14, 2025
Microsoft Office OneNote Remote Code Execution Vulnerability
Improper Restriction of Names for Files and Other Resources
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21345
7.8 - High
- January 14, 2025
Microsoft Office Visio Remote Code Execution Vulnerability
Dangling pointer
Microsoft Office Security Feature Bypass Vulnerability
CVE-2025-21346
7.8 - High
- January 14, 2025
Microsoft Office Security Feature Bypass Vulnerability
Protection Mechanism Failure
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21354
7.8 - High
- January 14, 2025
Microsoft Excel Remote Code Execution Vulnerability
Untrusted Pointer Dereference
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21356
7.8 - High
- January 14, 2025
Microsoft Office Visio Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21357
6.7 - Medium
- January 14, 2025
Microsoft Outlook Remote Code Execution Vulnerability
Use of Uninitialized Resource
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21361
7.8 - High
- January 14, 2025
Microsoft Outlook Remote Code Execution Vulnerability
Improper Restriction of Names for Files and Other Resources
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21362
8.4 - High
- January 14, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Word Remote Code Execution Vulnerability
CVE-2025-21363
7.8 - High
- January 14, 2025
Microsoft Word Remote Code Execution Vulnerability
Untrusted Pointer Dereference
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2025-21364
7.8 - High
- January 14, 2025
Microsoft Excel Security Feature Bypass Vulnerability
Marshaling, Unmarshaling
Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21365
7.8 - High
- January 14, 2025
Microsoft Office Remote Code Execution Vulnerability
Untrusted Path
Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21366
7.8 - High
- January 14, 2025
Microsoft Access Remote Code Execution Vulnerability
Dangling pointer
Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21395
7.8 - High
- January 14, 2025
Microsoft Access Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21186
7.8 - High
- January 14, 2025
Microsoft Access Remote Code Execution Vulnerability
Heap-based Buffer Overflow
GDI+ Remote Code Execution Vulnerability
CVE-2025-21338
7.8 - High
- January 14, 2025
GDI+ Remote Code Execution Vulnerability
Integer Overflow or Wraparound
Microsoft Access Remote Code Execution Vulnerability
CVE-2024-49142
7.8 - High
- December 12, 2024
Microsoft Access Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49069
7.8 - High
- December 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-49065
5.5 - Medium
- December 12, 2024
Microsoft Office Remote Code Execution Vulnerability
Out-of-bounds Read
Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-49059
7 - High
- December 12, 2024
Microsoft Office Elevation of Privilege Vulnerability
Race Condition
Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-43600
7.8 - High
- December 12, 2024
Microsoft Office Elevation of Privilege Vulnerability
Authorization
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49030
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Office Long Term Servicing Channel or by Microsoft? Click the Watch button to subscribe.
