Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
File must be opened locally by a user (AV:L, UI:R) with no prior privileges (PR:N); memory-corruption code execution yields full C:H/I:H/A:H in the user's context (S:U).
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
AnalysisAI
Local code execution in Microsoft Excel (including Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted spreadsheet, letting an attacker run arbitrary code in the user's context. The CVSS 3.1 score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), reflecting that exploitation needs user interaction but no prior privileges once the file is opened. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to open a maliciously crafted Excel document - the CVSS vector explicitly includes UI:R (user interaction required) and AV:L (local), so this is not remotely triggerable without user action. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) indicates a local attack vector with low complexity, no required privileges, but mandatory user interaction - consistent with a file-open exploitation model rather than a remotely triggerable network flaw. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker emails a target a crafted .xlsx/.xls file (or hosts it on a shared drive or SharePoint), relying on low-complexity social engineering to get the user to open it. On open, Excel's parser overflows a heap buffer and the crafted content redirects execution, running attacker code with the victim's privileges. … |
| Remediation | Apply the Microsoft-released security update for your Office channel as the primary fix - patch is available per vendor advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50675; the exact fixed build number is not enumerated in the provided data, so pull the version corresponding to your specific product (Microsoft 365 Apps, Office 2016/2019, LTSC 2021/2024, Office for Mac, or Office Online Server) from that MSRC page. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, identify all systems running affected Microsoft Office versions-Excel in Office 2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and Office for Mac-and issue user guidance against opening Excel files from external or untrusted sources. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and the macOS editions) arises
Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-bas
Local code execution in Microsoft Office (including Microsoft 365 Apps for Enterprise, Office 2016/2019, and Office LTSC
Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for M
Local arbitrary code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and O
Arbitrary code execution in Microsoft PowerPoint (and the broader Microsoft Office/365 suite on Windows and macOS) arise
Local code execution in Microsoft Office PowerPoint (including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, a
Local code execution in Microsoft Office PowerPoint (CWE-122 heap-based buffer overflow) lets an unauthorized attacker r
Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office for
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and Office for Mac 2021/2024)
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44037
GHSA-p2vq-f9rc-v3c2