
Microsoft Office CVE-2026-45460

EUVD: EUVD-2026-35670 · MEDIUM
Buffer Over-read (CWE-126)
2026-06-09 · secure@microsoft.com · GHSA-8wpv-9rm8-hj6h
CVSS 3.1: 4.7 (Vendor: microsoft) · Temporal: 4.1

Severity by source

Vendor (microsoft), PRIMARY: 4.7 MEDIUM (AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)
CIRCL (temporal): 4.1 MEDIUM

Primary rating from Vendor (microsoft).

CVSS Vector (Vendor: microsoft)

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

1. Analysis Generated: Jun 09, 2026 - 19:48 (vuln.today)

Description (CVE.org)

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Analysis (AI)

Out-of-bounds read (buffer over-read) in Microsoft Office exposes sensitive memory contents to a local attacker who can induce a user to open a specially crafted file. Affecting a broad surface including Microsoft 365 Apps for Enterprise, Office LTSC 2021/2024, Office 2019, and mobile/Mac variants, the vulnerability carries a CVSS 4.7 (Medium) with high confidentiality impact but no integrity or availability consequence. …


Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Craft malicious Office document triggering over-read
Delivery: Deliver document to target via phishing or file share
Exploit: Target opens document in vulnerable Office build
Execution: Out-of-bounds read exposes adjacent memory contents
Impact: Sensitive in-memory data disclosed to attacker

Vulnerability Assessment (AI)

Exploitation: Exploitation requires that the attacker deliver a crafted Office document to the target system and that a local user opens the document using a vulnerable version of Microsoft Office (UI:R). …

Risk Assessment: The aggregate risk signals collectively position this as a medium-priority, targeted-threat vulnerability rather than a broad exploit priority. …

Exploit Scenario: An attacker crafts a specially structured Office document designed to trigger the out-of-bounds read in a specific Office parsing code path, then delivers it to a target via email, file share, or download. When the target opens the document on a vulnerable Office installation, the over-read exposes adjacent memory contents - potentially including in-memory credentials, session tokens, or sensitive document data from previously opened files - which could be exfiltrated via a secondary channel embedded in the document (e.g., a remote template or linked object fetch). …

Remediation: Apply the vendor-released patch via Microsoft's standard Office update mechanism; the authoritative patch index is published at https://aka.ms/OfficeSecurityReleases and the MSRC advisory is available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45460. …


CVE-2026-21509 HIGH
7.8 Jan 26

Microsoft Office contains a security feature bypass (CVE-2026-21509, CVSS 7.8) where reliance on untrusted inputs in sec

CVE-2026-21514 HIGH
7.8 Feb 10

Microsoft Office Word contains a security decision bypass (CVE-2026-21514, CVSS 7.8) through reliance on untrusted input

CVE-2025-47957 HIGH POC
8.4 Jun 10

Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary

CVE-2025-27751 HIGH POC
7.8 Apr 08

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (C

CVE-2025-47165 HIGH POC
7.8 Jun 10

Use-after-free vulnerability in Microsoft Office Excel that allows local code execution with high severity (CVSS 7.8). A

CVE-2025-47175 HIGH POC
7.8 Jun 10

Use-after-free vulnerability in Microsoft Office PowerPoint that allows an unauthenticated local attacker to execute arb

CVE-2025-47171 MEDIUM POC
6.7 Jun 10

Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.

CVE-2026-20944 HIGH
8.4 Jan 13

Microsoft Office Word contains an out-of-bounds read vulnerability that enables local code execution on affected systems

CVE-2026-20953 HIGH
8.4 Jan 13

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. [CVSS 8.4 HIGH]

CVE-2026-20952 HIGH
8.4 Jan 13

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. [CVSS 8.4 HIGH]

CVE-2026-45643 HIGH
7.8 Jun 09

Local code execution in Microsoft Office Word arises from an untrusted pointer dereference (CWE-822) that can be trigger

CVE-2026-45486 HIGH
7.8 Jun 09

Local code execution in Microsoft Office Word is possible when a user opens a maliciously crafted document that triggers
