Microsoft Publisher
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Publisher.
Recent Microsoft Publisher Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2024-38226 | CVE-2024-38226 Microsoft Publisher Security Feature Bypass Vulnerability | September 10, 2024 |
| CVE-2023-28287 | Microsoft Publisher Remote Code Execution Vulnerability | April 11, 2023 |
| CVE-2023-28295 | Microsoft Publisher Remote Code Execution Vulnerability | April 11, 2023 |
| CVE-2023-21715 | Microsoft Publisher Security Features Bypass Vulnerability | February 14, 2023 |
Known Exploited Microsoft Publisher Vulnerabilities
The following Microsoft Publisher vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Microsoft Publisher Security Feature Bypass Vulnerability |
Microsoft Publisher contains a security feature bypass vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files. CVE-2024-38226 Exploit Probability: 66.0% |
September 10, 2024 |
The vulnerability CVE-2024-38226: Microsoft Publisher Security Feature Bypass Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2025 there have been 0 vulnerabilities in Microsoft Publisher. Last year, in 2024 Publisher had 2 security vulnerabilities published. Right now, Publisher is on track to have less security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 2 | 7.55 |
| 2023 | 2 | 7.80 |
| 2022 | 1 | 5.50 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 8.80 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 7.80 |
It may take a day or so for new Publisher vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Publisher Security Vulnerabilities
Microsoft Publisher Security Feature Bypass Vulnerability
CVE-2024-38226
7.3 - High
- September 10, 2024
Microsoft Publisher Security Feature Bypass Vulnerability
Protection Mechanism Failure
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-20673
7.8 - High
- February 13, 2024
Microsoft Office Remote Code Execution Vulnerability
Microsoft Publisher Remote Code Execution Vulnerability
CVE-2023-28295
7.8 - High
- June 17, 2023
Microsoft Publisher Remote Code Execution Vulnerability
Microsoft Publisher Remote Code Execution Vulnerability
CVE-2023-28287
7.8 - High
- June 17, 2023
Microsoft Publisher Remote Code Execution Vulnerability
Microsoft Office Security Feature Bypass Vulnerability
CVE-2022-29107
5.5 - Medium
- May 10, 2022
Microsoft Office Security Feature Bypass Vulnerability
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries
CVE-2020-0760
8.8 - High
- April 15, 2020
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.
Improper Input Validation
A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features
CVE-2018-8245
7.8 - High
- June 14, 2018
A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Publisher Remote Code Execution Vulnerability." This affects Microsoft Publisher.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Publisher or by Microsoft? Click the Watch button to subscribe.
