CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Analysis
A use-after-free vulnerability in Microsoft Office Word allows local, unauthenticated attackers to execute arbitrary code; it is rated high severity (CVSS 7.8). Exploitation requires user interaction (opening a malicious document) but grants complete system compromise through code execution. This is a memory safety issue (CWE-416) in Word's document processing engine that could be actively exploited if a public POC becomes available.
Technical Context
The vulnerability stems from a use-after-free condition (CWE-416) in Microsoft Office Word's document parsing or rendering engine. Use-after-free occurs when code attempts to access memory that has been freed/deallocated, allowing attackers to control that freed memory region and redirect execution flow. This is a classic memory corruption vulnerability in the Office document handler—likely triggered during processing of specially crafted .doc, .docx, or related Word formats. The attack surface is the document import/parsing subsystem, which processes untrusted user-supplied documents. Given Word's C/C++ implementation and complex document format handling, heap-based use-after-free in object lifecycle management is a plausible root cause. CPE identifier would be cpe:2.3:a:microsoft:office:*:*:*:*:*:windows:*:* with version constraints from Microsoft's advisory.
Affected Products
Microsoft Office Word (specific versions would be detailed in Microsoft Security Advisory, typically multiple recent versions). Likely affected: Word 2019, Word 2021, Microsoft 365 subscription versions (Office 365 Click-to-Run and MSI installations). Affected CPE: cpe:2.3:a:microsoft:office:2019:*:*:*:*:windows:*:* | cpe:2.3:a:microsoft:office:2021:*:*:*:*:windows:*:* | cpe:2.3:a:microsoft:microsoft_365:*:*:*:*:*:windows:*:*. Note: Windows platform only (AV:L indicates local attack vector, implying Windows OS context). macOS and mobile Word may or may not be affected—verify via Microsoft's official advisory. Patch availability must be verified through Microsoft Security Update Guide (portal.msrc.microsoft.com) for specific KB articles and version numbers.
Remediation
1. IMMEDIATE: Deploy Microsoft security patch for Office/Word as released by Microsoft Security Response Center (MSRC). Subscribe to Microsoft Security Updates (portal.msrc.microsoft.com) for CVE-2025-47168 details and KB article references.
2. PATCH VERSIONS: Apply latest cumulative/security update for Word 2019 (KB reference pending), Word 2021 (KB pending), and Microsoft 365 monthly/semi-annual channels (automatic or manual via Settings > Update Options).
3. INTERIM MITIGATIONS (if patching delayed): Disable opening Word documents from untrusted sources; use Word in Protected View (enforced via Group Policy: DisableInternetFilesInPV); disable macros and external content.
4. WORKAROUND: Convert critical documents to PDF or use Office Online (web-based, separate codebase) instead of desktop Word.
5. DETECTION: Monitor for Office crashes (WER events), unusual WINWORD.EXE memory patterns, or execution of unexpected child processes post-Word opening.

Consult Microsoft's official advisory for exact patch KB numbers and rollout dates.
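The detection step above can be prototyped offline before it is turned into a SIEM rule. The following is an added example, not code from Microsoft or from this advisory: it assumes process-creation records using Sysmon Event ID 1 field names and crash records from Application Error Event ID 1000 with a simplified `Application` key. The allowlist, paths and sample events are constructed for illustration.

```python
import ntpath

# Assumption: children Word may legitimately start; tune per environment.
EXPECTED_CHILDREN = {"winword.exe", "splwow64.exe"}
# Sample install path used only by the constructed events below.
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"

def _name(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()

def triage_word_events(events):
    """Return (alerts, crashes) from a list of event dicts.

    alerts:  (time, child image name, command line) for every process whose
             parent is WINWORD.EXE and whose image is not allowlisted.
    crashes: timestamps of Application Error events naming WINWORD.EXE.
    """
    alerts, crashes = [], []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 1 and _name(ev.get("ParentImage")) == "winword.exe":
            child = _name(ev.get("Image"))
            if child not in EXPECTED_CHILDREN:
                alerts.append((ev["UtcTime"], child, ev.get("CommandLine", "")))
        elif eid == 1000 and _name(ev.get("Application")) == "winword.exe":
            crashes.append(ev["UtcTime"])
    return alerts, crashes

# Constructed sample events, not taken from a real incident.
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2025-06-11 09:14:02", "Image": WORD,
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "WINWORD.EXE /n report.docx"},
    {"EventID": 1000, "UtcTime": "2025-06-11 09:14:07", "Application": "WINWORD.EXE"},
    {"EventID": 1, "UtcTime": "2025-06-11 09:15:30", "ParentImage": WORD,
     "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe 8192"},
    {"EventID": 1, "UtcTime": "2025-06-11 09:16:11", "ParentImage": WORD,
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
]

if __name__ == "__main__":
    alerts, crashes = triage_word_events(SAMPLE_EVENTS)
    for when, child, cmd in alerts:
        print(f"ALERT {when} WINWORD.EXE spawned {child}: {cmd}")
    print(f"{len(crashes)} WINWORD.EXE crash event(s): {crashes}")
```

A crash followed shortly by an alert on the same host is a stronger signal than either alone, so keep both lists keyed by hostname when feeding real logs.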
EUVD-2025-17731