cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-38189,https://securityvulnerability.io/vulnerability/CVE-2024-38189,Remote Code Execution Vulnerability Affects Microsoft Project,"A vulnerability exists in Microsoft Project that allows for remote code execution under specific conditions. This vulnerability could be exploited when a user opens a specially crafted file designed to compromise the application, leading to unauthorized operations on the user's system. Attackers could potentially gain access to sensitive data or control over affected systems. To protect against this vulnerability, it is essential to apply the latest security updates from Microsoft and to follow best practices for file handling and security.",Microsoft,"Microsoft Office 2019,Microsoft 365 Apps For Enterprise,Microsoft Project 2016,Microsoft Office Ltsc 2021",8.8,HIGH,0.006209999788552523,true,false,false,true,,false,false,2024-08-13T17:30:31.741Z,0
CVE-2020-1449,https://securityvulnerability.io/vulnerability/CVE-2020-1449,,"A remote code execution vulnerability exists in Microsoft Project software when the software fails to check the source markup of a file, aka 'Microsoft Project Remote Code Execution Vulnerability'.",Microsoft,"Microsoft Office,Microsoft 365 Apps For Enterprise For 32-bit Systems,Microsoft 365 Apps For Enterprise For 64-bit Systems,Microsoft Project",7.8,HIGH,0.020490000024437904,false,false,false,false,,false,false,2020-07-14T23:15:00.000Z,0
CVE-2020-1322,https://securityvulnerability.io/vulnerability/CVE-2020-1322,,"An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'.",Microsoft,"Microsoft Project,Microsoft Office,Microsoft 365 Apps For Enterprise For 64-bit Systems,Microsoft 365 Apps For Enterprise For 32-bit Systems",6.5,MEDIUM,0.011629999615252018,false,false,false,false,,false,false,2020-06-09T19:44:08.000Z,0
CVE-2020-0760,https://securityvulnerability.io/vulnerability/CVE-2020-0760,,"A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.",Microsoft,"Microsoft Project,Microsoft Office,Office 365 Proplus,Microsoft Excel,Microsoft Powerpoint,Microsoft Visio,Microsoft Word,Microsoft Publisher 2016 (32-bit Edition),Microsoft Publisher 2016 (64-bit Edition),Microsoft Access,Microsoft Outlook,Microsoft Publisher 2013 Service Pack 1 (32-bit Editions),Microsoft Publisher 2013 Service Pack 1 (64-bit Editions),Microsoft Publisher",8.8,HIGH,0.06233999878168106,false,false,false,false,,false,false,2020-04-15T15:12:40.000Z,0
CVE-2019-1264,https://securityvulnerability.io/vulnerability/CVE-2019-1264,,"A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'.",Microsoft,"Microsoft Project,Microsoft Office,Office 365 Proplus",7.8,HIGH,0.0009699999936856329,false,false,false,false,,false,false,2019-09-11T21:24:59.000Z,0
CVE-2018-8575,https://securityvulnerability.io/vulnerability/CVE-2018-8575,,"A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka ""Microsoft Project Remote Code Execution Vulnerability."" This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server.",Microsoft,"Microsoft Project,Office,Microsoft Project Server",7.8,HIGH,0.8542199730873108,false,false,false,false,,false,false,2018-11-14T01:00:00.000Z,0
CVE-2015-2503,https://securityvulnerability.io/vulnerability/CVE-2015-2503,,"Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka ""Microsoft Office Elevation of Privilege Vulnerability.""",Microsoft,"Word,Onenote,Publisher,Powerpoint,Project Server,Infopath,Access,Excel,Project,Visio,Lync,Skype For Business,Pinyin Ime,Office 2007 Ime",,,0.006819999776780605,false,false,false,false,,false,false,2015-11-11T11:00:00.000Z,0
CVE-2014-0251,https://securityvulnerability.io/vulnerability/CVE-2014-0251,,"Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka ""SharePoint Page Content Vulnerability.""",Microsoft,"Project Server,Sharepoint Foundation,Web Applications,Sharepoint Server,Sharepoint Designer,Office Web Apps Server,Sharepoint Services,Sharepoint Server Client Components Sdk",,,0.017109999433159828,false,false,false,false,,false,false,2014-05-14T10:00:00.000Z,0
CVE-2009-0102,https://securityvulnerability.io/vulnerability/CVE-2009-0102,,"Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka ""Project Memory Validation Vulnerability.""",Microsoft,"Office Project,Project Server,Project Portfolio Server",,,0.8968499898910522,false,false,false,false,,false,false,2009-12-09T18:00:00.000Z,0
CVE-2008-4252,https://securityvulnerability.io/vulnerability/CVE-2008-4252,,"The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the ""system state,"" aka ""DataGrid Control Memory Corruption Vulnerability.""",Microsoft,"Visual Foxpro,Visual Studio .net,Visual Basic,Project,Office Frontpage",,,0.6039599776268005,false,false,false,false,,false,false,2008-12-10T13:33:00.000Z,0
CVE-2008-4253,https://securityvulnerability.io/vulnerability/CVE-2008-4253,,"The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the ""system state,"" aka ""FlexGrid Control Memory Corruption Vulnerability.""",Microsoft,"Visual Foxpro,Visual Studio .net,Visual Basic,Project,Office Frontpage",,,0.6840500235557556,false,false,false,false,,false,false,2008-12-10T13:33:00.000Z,0
CVE-2008-4256,https://securityvulnerability.io/vulnerability/CVE-2008-4256,,"The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the ""system state,"" aka ""Charts Control Memory Corruption Vulnerability.""",Microsoft,"Visual Foxpro,Visual Studio .net,Visual Basic,Project,Office Frontpage",,,0.6840500235557556,false,false,false,false,,false,false,2008-12-10T13:33:00.000Z,0
CVE-2008-4255,https://securityvulnerability.io/vulnerability/CVE-2008-4255,,"Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an ""allocation error"" and memory corruption, aka ""Windows Common AVI Parsing Overflow Vulnerability.""",Microsoft,"Visual Foxpro,Visual Studio .net,Visual Basic,Project,Office Frontpage",,,0.9411900043487549,false,false,false,false,,false,false,2008-12-10T13:33:00.000Z,0
CVE-2008-4254,https://securityvulnerability.io/vulnerability/CVE-2008-4254,,"Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the ""system state,"" aka ""Hierarchical FlexGrid Control Memory Corruption Vulnerability.""",Microsoft,"Visual Foxpro,Visual Studio .net,Visual Basic,Project,Office Frontpage",,,0.9618499875068665,false,false,false,false,,false,false,2008-12-10T13:33:00.000Z,0
CVE-2008-3068,https://securityvulnerability.io/vulnerability/CVE-2008-3068,,"Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.",Microsoft,"Frontpage,Sharepoint Designer,Office Communicator,Access,Visio Professional,Outlook,Project Standard,Powerpoint,Infopath,Visio Standard,Windows Live Mail,Publisher,Onenote,Excel,Project Professional,Office,Groove",,,0.05584000051021576,false,false,false,false,,false,false,2008-07-07T23:41:00.000Z,0
CVE-2007-0671,https://securityvulnerability.io/vulnerability/CVE-2007-0671,,"Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.",Microsoft,"Frontpage,Project,Access,Outlook,Powerpoint,Office,Excel,Publisher,Word,Infopath,Excel Viewer,Visio,Onenote,Word Viewer",,,0.9559100270271301,false,false,false,false,,false,false,2007-02-03T01:00:00.000Z,0
CVE-2006-5574,https://securityvulnerability.io/vulnerability/CVE-2006-5574,,"Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.",Microsoft,"Visio,Office Proofing Tools,Project Multilingual User Interface Pack,Office Multilingual User Interface Pack,Office",,,0.08664000034332275,false,false,false,false,,false,false,2006-12-31T05:00:00.000Z,0
CVE-2006-3864,https://securityvulnerability.io/vulnerability/CVE-2006-3864,,"Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an ""array boundary condition"" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.",Microsoft,"Office,Project,Visio",,,0.9292799830436707,false,false,false,false,,false,false,2006-10-10T22:00:00.000Z,0
CVE-2006-3877,https://securityvulnerability.io/vulnerability/CVE-2006-3877,,"Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified ""crafted file,"" a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.",Microsoft,"Frontpage,Project,Access,Outlook,Powerpoint,Office,Excel,Publisher,Word,Infopath,Excel Viewer,Visio,Onenote,Word Viewer",,,0.1588899940252304,false,false,false,false,,false,false,2006-10-10T22:00:00.000Z,0
CVE-2005-2127,https://securityvulnerability.io/vulnerability/CVE-2005-2127,,"Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the ""COM Object Instantiation Memory Corruption vulnerability.""",Microsoft,".net Framework,Visual Studio .net,Visio,Project,Office,Catalyst Driver",,,0.6351900100708008,false,false,false,false,,false,false,2005-08-19T04:00:00.000Z,0
CVE-2004-0848,https://securityvulnerability.io/vulnerability/CVE-2004-0848,,"Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) ""%00 (null byte) in .doc filenames or (2) ""%0a"" (carriage return) in .rtf filenames.",Microsoft,"Word,Visio,Project,Powerpoint,Office,Works",,,0.40498998761177063,false,false,false,false,,false,false,2005-02-08T05:00:00.000Z,0
CVE-2004-0200,https://securityvulnerability.io/vulnerability/CVE-2004-0200,,"Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.",Microsoft,"Frontpage,Visual J# .net,Visual C++,Digital Image Pro,Visual Studio .net,Project,Visual Basic,Picture It,Powerpoint,Office,Outlook,Digital Image Suite,Infopath,Publisher,Word,Excel,Visio,Greetings,Onenote,Visual C#,Producer,.net Framework",,,0.9617199897766113,false,false,false,false,,false,false,2004-09-28T04:00:00.000Z,0
CVE-2003-0347,https://securityvulnerability.io/vulnerability/CVE-2003-0347,,Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.,Microsoft,"Visual Basic,Project,Office,Visio",,,0.9477800130844116,false,false,false,false,,false,false,2003-10-20T04:00:00.000Z,0
CVE-2002-0727,https://securityvulnerability.io/vulnerability/CVE-2002-0727,,"The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.",Microsoft,"Project,Office Web Components",,,0.016599999740719795,false,false,false,false,,false,false,2002-09-24T04:00:00.000Z,0
CVE-2002-0861,https://securityvulnerability.io/vulnerability/CVE-2002-0861,,"Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the ""Allow paste operations via script"" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.",Microsoft,"Project,Office Web Components",,,0.01561999972909689,false,false,false,false,,false,false,2002-09-24T04:00:00.000Z,0