Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Excel
Total 388 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-3014 1 Microsoft 1 Excel 2025-04-03 5.1 MEDIUM N/A
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.
CVE-2004-0846 1 Microsoft 2 Excel, Office 2025-04-03 7.5 HIGH N/A
Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
CVE-2002-1143 1 Microsoft 2 Excel, Word 2025-04-03 5.0 MEDIUM N/A
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."
CVE-2006-3059 1 Microsoft 2 Excel, Excel Viewer 2025-04-03 9.3 HIGH N/A
Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
CVE-2000-0765 1 Microsoft 3 Excel, Powerpoint, Word 2025-04-03 5.1 MEDIUM N/A
Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
CVE-2002-0618 1 Microsoft 2 Excel, Office 2025-04-03 7.5 HIGH N/A
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
CVE-2006-2388 1 Microsoft 2 Excel, Excel Viewer 2025-04-03 9.3 HIGH N/A
Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
CVE-2006-1304 1 Microsoft 2 Excel, Excel Viewer 2025-04-03 9.3 HIGH N/A
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
CVE-2006-0028 1 Microsoft 2 Excel, Office 2025-04-03 5.1 MEDIUM N/A
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
CVE-2000-0637 1 Microsoft 1 Excel 2025-04-03 4.6 MEDIUM N/A
Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
CVE-2002-0616 1 Microsoft 2 Excel, Office 2025-04-03 5.1 MEDIUM N/A
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
CVE-2002-0615 1 Microsoft 2 Excel, Office 2025-04-03 7.5 HIGH N/A
The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".
CVE-1999-0794 1 Microsoft 2 Excel, Office 2025-04-03 4.6 MEDIUM N/A
Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.
CVE-2006-0029 1 Microsoft 2 Excel, Office 2025-04-03 5.1 MEDIUM N/A
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
CVE-2006-1308 1 Microsoft 2 Excel, Excel Viewer 2025-04-03 9.3 HIGH N/A
Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
CVE-1999-0717 1 Microsoft 5 Excel, Windows 2000, Windows 95 and 2 more 2025-04-03 2.6 LOW N/A
A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.
CVE-2000-0597 1 Microsoft 2 Excel, Powerpoint 2025-04-03 7.5 HIGH N/A
Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
CVE-2000-0419 1 Microsoft 10 Access, Excel, Frontpage and 7 more 2025-04-03 7.5 HIGH N/A
The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.
CVE-2002-0617 1 Microsoft 2 Excel, Office 2025-04-03 5.1 MEDIUM N/A
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
CVE-2023-23398 1 Microsoft 3 365 Apps, Excel, Office 2025-02-28 N/A 7.1 HIGH
Microsoft Excel Spoofing Vulnerability