Shodan
Vulnerabilities
Vulnerable Software
Microsoft:  >> Office  >> 16.0.16130.20156  Security Vulnerabilities
CVE-2025-47167
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVSS Score
8.4
EPSS Score
0.002
Published
2025-06-10
CVE-2025-30386
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVSS Score
8.4
EPSS Score
0.001
Published
2025-05-13
CVE-2025-30388
Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-05-13
CVE-2025-26687
Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-04-08
CVE-2025-21338
GDI+ Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.003
Published
2025-01-14
CVE-2023-36565
Microsoft Office Graphics Elevation of Privilege Vulnerability
CVSS Score
7.0
EPSS Score
0.001
Published
2023-10-10
CVE-2007-3282
Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method.
CVSS Score
7.8
EPSS Score
0.466
Published
2007-06-19
CVE-2007-3109
The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO.
CVSS Score
6.4
EPSS Score
0.169
Published
2007-06-07
CVE-2006-1311
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.
CVSS Score
9.3
EPSS Score
0.686
Published
2007-02-13
CVE-2006-4694
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
CVSS Score
9.3
EPSS Score
0.465
Published
2006-09-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved