Microsoft Publisher
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Publisher.
Recent Microsoft Publisher Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2024-38226 | CVE-2024-38226 Microsoft Publisher Security Feature Bypass Vulnerability | September 10, 2024 |
| CVE-2023-28287 | Microsoft Publisher Remote Code Execution Vulnerability | April 11, 2023 |
| CVE-2023-28295 | Microsoft Publisher Remote Code Execution Vulnerability | April 11, 2023 |
| CVE-2023-21715 | Microsoft Publisher Security Features Bypass Vulnerability | February 14, 2023 |
Known Exploited Microsoft Publisher Vulnerabilities
The following Microsoft Publisher vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Microsoft Publisher Security Feature Bypass Vulnerability |
Microsoft Publisher contains a security feature bypass vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files. CVE-2024-38226 Exploit Probability: 1.4% |
September 10, 2024 |
By the Year
In 2026 there have been 0 vulnerabilities in Microsoft Publisher. Publisher did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 2 | 7.55 |
| 2023 | 2 | 7.80 |
| 2022 | 1 | 5.50 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 8.80 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 0.00 |
It may take a day or so for new Publisher vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Publisher Security Vulnerabilities
Sep 2024: Microsoft Publisher Security Feature Bypass Vulnerability
CVE-2024-38226
7.3 - High
- September 10, 2024
Microsoft Publisher Security Feature Bypass Vulnerability
Protection Mechanism Failure
Microsoft Office RCE via Office Component
CVE-2024-20673
7.8 - High
- February 13, 2024
Microsoft Office Remote Code Execution Vulnerability
Remote Code Execution in Microsoft Publisher (CVE-2023-28295)
CVE-2023-28295
7.8 - High
- June 17, 2023
Microsoft Publisher Remote Code Execution Vulnerability
Microsoft Publisher RCE via mishandled document file
CVE-2023-28287
7.8 - High
- June 17, 2023
Microsoft Publisher Remote Code Execution Vulnerability
Microsoft Office Security Feature Bypass Vulnerability
CVE-2022-29107
5.5 - Medium
- May 10, 2022
Microsoft Office Security Feature Bypass Vulnerability
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries
CVE-2020-0760
8.8 - High
- April 15, 2020
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.
Improper Input Validation
Jun 2018:
CVE-2018-8245
- June 14, 2018
A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Publisher Remote Code Execution Vulnerability." This affects Microsoft Publisher.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Publisher or by Microsoft? Click the Watch button to subscribe.
