How to exploit zero day vulnerabilities in Microsoft Office products

A lot of the exploits we see posted are actually new vulnerabilities in older versions of Microsoft Office, and they’ve been around for a while.

But some of these are really old bugs, and a lot of them have been patched in some form or another since 2014.

The exploits listed below have been known since at least 2007, and in some cases they’ve also been patched to work with newer versions of the same software.

You can find out more about this list here.

1.

CVE-2016-9073: Microsoft Office XP x64 and Office 2007 x86 – Remote Code Execution vulnerability
CVE-2017-9000: Microsoft Outlook 2016 – Remote code execution vulnerability
CVE-2017-8802: Microsoft Word 2010 – Remote control crash vulnerability
CVE-2017-8400: Microsoft Excel 2007 – Remote execution vulnerability (CVE-2017)
CVE-2018-10291: Microsoft PowerPoint 2007 – Local privilege escalation
CVE-2019-8806: Microsoft Exchange 2007 – Privilege escalation
CVE-2019-8480: Microsoft SQL Server 2007 – SQL injection
CVE-2020-8881: Microsoft Lync 2007 – Elevation of privilege vulnerability
CVE-2019-8910: Microsoft Windows Server 2008 – SQL privilege escalation
CVE-2019-8805: Microsoft Visual Basic 2007 – Null pointer dereference
CVE-2020-9350: Microsoft Silverlight 2007 – Multiple memory corruption vulnerabilities
CVE-2021-8483: Microsoft SharePoint 2007 – File access vulnerability
CVE-2022-8461: Microsoft Internet Explorer 7 – Data leakage
CVE-2101-8523: Microsoft .NET Framework 4.6 – Data loss
CVE-2220-9403: Microsoft HTML 4.01 – Data leaks
CVE-2430-9405: Microsoft ASP.NET 3.5.1 – SQL/shell injection
CVE-2433-9406: Microsoft Server 2003 – Data leaking
CVE-2510-9310: System Center 2012 R2 – SQLite leak
CVE-2625-9407: Microsoft Edge 2008 – Memory leak
CVE-2627-9315: Microsoft Firefox 3.6.3 – Remote SQL injection
CVE-2700-9330: Microsoft IE 9.0 – SQL NULL pointer dereferencing
CVE-2940-9409: Microsoft XP (SP3) 2007 – Memory corruption
CVE-3003-9408: Microsoft MS-DOS 2000 – SQL heap overflow
CVE-3070-9320: Microsoft Windows 2000 – Data in memory corruption
CVE-3073-9404: Microsoft Mac OS X 10.5 Leopard – Data corruption
CVE-3081-9321: Microsoft Linux 4.0.0 (beta) – Local and remote SQL injections
CVE-3300-9348: Microsoft C++ AMP – Remote access vulnerability
CVE-3600-9632: Microsoft COBOL 5.1 2005 – Local SQL injection and memory corruption
CVE-3603-9634: Microsoft Python 2.7 – Local & remote SQL injection and memory corruption

A lot of these vulnerabilities were discovered in the first few years of Microsoft’s Office suite of products.

They have been fixed since then, but not by all vendors.

We don’t know if they were patched in this year’s version of Office or not, and we don’t think they’re fixed in this version of the software.

This means that the number of vulnerabilities that have been exploited is still relatively small, and many of these issues are still present in some older versions.

If you know of any exploits that are still in use, please let us know in the comments.

This list also has a couple of other interesting exploits that we don’t cover in this article.

We also recommend that you read up on the various Microsoft Office software vulnerabilities, as they can be really handy to know about.

2.

CVE-2016-8783: Microsoft Azure SharePoint – Remote data leakage
CVE-2016-8401: Microsoft Hyper-V 2007 – Buffer overflow vulnerability
CVE-2023-8514: Microsoft VBA 2007 – Uninitialized memory corruption vulnerability
CVE-2025-8443: Microsoft System Center 2007 – Access to protected data via uninitialized memory, SQL injection, and SQL/Shell injection
CVE-2025: Microsoft Access 2009 – Remote user input vulnerability
CVE-2026-8442: Microsoft XML Services 2007 – XSS injection
CVE-2030-8440: Microsoft Forms 2007 – XML manipulation
CVE-2032-8439: Microsoft Power BI 2007 – RDP remote execution vulnerability, SQL/SQL injection
CVE-3140-8438: Microsoft Data Access 2007 – Cross-site scripting (XSS)
CVE-3510-8437: Microsoft InfoPath 2007 – Application server memory corruption, SQL manipulation
CVE-3511-8436: Microsoft Dynamics Center 2007 Service Pack 1 – SQL inbound injection
CVE-3514-8435: Microsoft Vis