Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
AnalysisAI
Local code execution in Microsoft Office Word via use-after-free memory corruption affects Microsoft 365 Apps for Enterprise and Office LTSC 2024. Unauthenticated attackers can achieve full system compromise (confidentiality, integrity, availability) by inducing users to open specially crafted Word documents, triggering memory reuse vulnerabilities during document parsing. Vendor patch available via Microsoft Security Response Center. No public exploit identified at time of analysis, though CVSS 7.8 indicates high severity when user interaction occurs.
Technical ContextAI
This vulnerability stems from a use-after-free condition (CWE-416) in Microsoft Word's document processing engine. Use-after-free vulnerabilities occur when application code continues to reference memory after it has been deallocated, allowing attackers to manipulate freed memory regions and redirect program execution flow. The affected products per CPE strings are Microsoft 365 Apps for Enterprise (version 16.0.1 and earlier) and Microsoft Office LTSC 2024 (version 16.0.0 and earlier), both using the shared Office document rendering infrastructure. The local attack vector indicates exploitation requires the malicious document to be opened on the target system, rather than remote network-based exploitation. Tags indicate this can cause memory corruption leading to denial of service or arbitrary code execution depending on exploitation technique.
RemediationAI
Apply security updates provided by Microsoft through the official Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23657. Organizations using Microsoft 365 Apps for Enterprise should update beyond version 16.0.1, and those using Office LTSC 2024 should update beyond version 16.0.0, with specific patched versions detailed at https://aka.ms/OfficeSecurityReleases. Enable automatic updates for Microsoft Office products where feasible to ensure timely patch deployment. As interim mitigation until patches are applied, implement strict controls on opening Word documents from untrusted sources, enforce Protected View settings in Word to sandbox potentially malicious documents, and deploy email gateway filtering to block suspicious Office file attachments. Application whitelisting and endpoint detection solutions can provide additional defense-in-depth layers by detecting abnormal behavior from Word processes.
Same weakness CWE-416 – Use After Free
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22361