Severity by source
Primary rating from Vendor (microsoft).
CVSS Vector (Vendor: microsoft): CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Description (CVE.org)
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Analysis (AI)
Out-of-bounds read (buffer over-read) in Microsoft Office exposes sensitive memory contents to a local attacker who can induce a user to open a specially crafted file. Affecting a broad surface including Microsoft 365 Apps for Enterprise, Office LTSC 2021/2024, Office 2019, and mobile/Mac variants, the vulnerability carries a CVSS 4.7 (Medium) with high confidentiality impact but no integrity or availability consequence. …
Vulnerability Assessment (AI)
| Area | Assessment |
|---|---|
| Exploitation | Exploitation requires that the attacker deliver a crafted Office document to the target system and that a local user opens the document using a vulnerable version of Microsoft Office (UI:R). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The aggregate risk signals collectively position this as a medium-priority, targeted-threat vulnerability rather than a broad exploit priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a specially structured Office document designed to trigger the out-of-bounds read in a specific Office parsing code path, then delivers it to a target via email, file share, or download. When the target opens the document on a vulnerable Office installation, the over-read exposes adjacent memory contents (potentially including in-memory credentials, session tokens, or sensitive document data from previously opened files), which could be exfiltrated via a secondary channel embedded in the document (e.g., a remote template or linked object fetch). … |
| Remediation | Apply the vendor-released patch via Microsoft's standard Office update mechanism; the authoritative patch index is published at https://aka.ms/OfficeSecurityReleases and the MSRC advisory is available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45460. … Detailed patch versions, workarounds, and compensating controls are in the full report. |
- Microsoft Office contains a security feature bypass (CVE-2026-21509, CVSS 7.8) where reliance on untrusted inputs in sec…
- Microsoft Office Word contains a security decision bypass (CVE-2026-21514, CVSS 7.8) through reliance on untrusted input…
- Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary…
- Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (C…
- Use-after-free vulnerability in Microsoft Office Excel that allows local code execution with high severity (CVSS 7.8). A…
- Use-after-free vulnerability in Microsoft Office PowerPoint that allows an unauthenticated local attacker to execute arb…
- Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.
- Microsoft Office Word contains an out-of-bounds read vulnerability that enables local code execution on affected systems…
- Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. [CVSS 8.4 HIGH]
- Local code execution in Microsoft Office Word arises from an untrusted pointer dereference (CWE-822) that can be trigger…
- Local code execution in Microsoft Office Word is possible when a user opens a maliciously crafted document that triggers…
Same weakness: CWE-126 – Buffer Over-read
Same technique: Buffer Overflow
EUVD-2026-35670
GHSA-8wpv-9rm8-hj6h