Known Vulnerabilities for Infopath by Microsoft

Listed below are 9 of the newest known vulnerabilities associated with "Infopath" by "Microsoft".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2018-8173 A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memo... 7.8 - HIGH 2018-05-09 2020-08-24
CVE-2016-0021 Microsoft InfoPath 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office do... 7.8 - HIGH 2016-03-09 2018-10-12
CVE-2015-2503 Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publis... 9.3 - HIGH 2015-11-11 2018-10-12
CVE-2013-1289 Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundati... 4.3 - MEDIUM 2013-04-09 2018-10-12
CVE-2012-2520 Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010... 4.3 - MEDIUM 2012-10-09 2018-10-12
CVE-2008-3068 Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificat... 7.5 - HIGH 2008-07-07 2018-10-11
CVE-2007-0671 Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows rem... 9.3 - HIGH 2007-02-03 2018-10-12
CVE-2006-3877 Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v... 9.3 - HIGH 2006-10-10 2018-10-17
CVE-2004-0200 Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll... 9.3 - HIGH 2004-09-28 2018-10-30

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationMicrosoftInfopath2013AllAllAll
ApplicationMicrosoftInfopath2010sp1x64All
ApplicationMicrosoftInfopath2010sp1x86All
ApplicationMicrosoftInfopath2007AllAllAll
ApplicationMicrosoftInfopath2003AllAllAll
ApplicationMicrosoftInfopath-AllAllAll
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report