Severity by source
Primary rating from Vendor (microsoft).
CVSS Vector (Vendor: microsoft): CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description (CVE.org)
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Analysis (AI)
Local code execution in Microsoft Office is possible through a heap-based buffer overflow (CWE-122) that an unauthenticated attacker can trigger when a user opens a crafted document. The CVSS 3.1 base score of 7.8 reflects high impact to confidentiality, integrity, and availability, with required user interaction limiting mass exploitation. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires a user on the target system to open an attacker-crafted Microsoft Office document and for the vulnerable file-format parser code path to be reached (UI:R in the CVSS vector). … |
| Risk Assessment | Signals are mixed and lean toward 'serious but not emergency.' The CVSS vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H describes a local attack vector with low complexity, no privileges, and required user interaction - consistent with a document-open exploitation model rather than a remote unauthenticated worm. … |
| Exploit Scenario | An attacker emails a target a malicious Office document (or hosts it on a web share or in a phishing landing page) and persuades the user to open it and dismiss Protected View. When the vulnerable parser processes the crafted record, the heap overflow corrupts an object on the heap and the attacker gains code execution in the context of the Office process, from which they can drop malware, harvest credentials, or pivot. … |
| Remediation | Patch available per vendor advisory - apply the Microsoft security update for CVE-2026-45475 published on the Microsoft Security Update Guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45475 across all Office installations (Microsoft 365 Apps, Office LTSC, and any supported perpetual Office releases listed by Microsoft); this page does not specify exact KB or build numbers, so consult the advisory for the authoritative fixed builds. … |
Recommended Action (AI)
Within 24 hours: Establish monitoring for Microsoft Security Response Center (MSRC) updates on CVE-2026-45475; brief IT leadership on patch timeline gaps. …
Microsoft Office contains a security feature bypass (CVE-2026-21509, CVSS 7.8) where reliance on untrusted inputs in sec
Microsoft Office Word contains a security decision bypass (CVE-2026-21514, CVSS 7.8) through reliance on untrusted input
Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (C
Use-after-free vulnerability in Microsoft Office Excel that allows local code execution with high severity (CVSS 7.8). A
Use-after-free vulnerability in Microsoft Office PowerPoint that allows an unauthenticated local attacker to execute arb
Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.
Microsoft Office Word contains an out-of-bounds read vulnerability that enables local code execution on affected systems
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. [CVSS 8.4 HIGH]
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. [CVSS 8.4 HIGH]
Local code execution in Microsoft Office Word arises from an untrusted pointer dereference (CWE-822) that can be trigger
Local code execution in Microsoft Office Word is possible when a user opens a maliciously crafted document that triggers
EUVD-2026-35647
GHSA-fq8x-mrpc-mqxw