Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
File-parsing flaw needs the victim to open a crafted document, so UI:R and AV:L; code runs as the current user (S:U) with full C/I/A impact.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
AnalysisAI
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, 365 Apps, and the macOS builds) stems from an out-of-bounds read in a file-parsing routine that lets a crafted document corrupt memory and run attacker-controlled code in the context of the current user. The same document-parsing components also affect SharePoint Enterprise Server 2016, SharePoint Server 2019, and the Subscription Edition. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the target to process a specially crafted Microsoft Office document via the vulnerable parser - in practice the victim (or a SharePoint server) must open or ingest attacker-supplied content, so delivery through email attachment, download, or upload is the enabling condition. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score is 8.4 with vector AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - high impact across confidentiality, integrity, and availability, low complexity, and no listed privileges. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker emails or hosts a specially crafted Office document (for example a Word or Excel file) and lures a user into opening it; the malformed structure triggers the out-of-bounds read in the parser, corrupting memory to execute code with that user's privileges. For SharePoint, a crafted document processed server-side could trigger the flaw in the service context. … |
| Remediation | Patch available per vendor advisory - apply the Microsoft security update referenced at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55045 for your specific Office or SharePoint SKU; click-to-run/Microsoft 365 Apps builds update automatically while MSI-based Office 2016/2019/LTSC and SharePoint require deployment of the corresponding monthly cumulative update. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory Microsoft Office and SharePoint versions deployed across the organization, specifically identifying systems running Office 2016, 2019, LTSC 2021/2024, 365 Apps, and SharePoint Enterprise Server 2016/2019/Subscription Edition. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and the macOS editions) arises
Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-bas
Local code execution in Microsoft Office (including Microsoft 365 Apps for Enterprise, Office 2016/2019, and Office LTSC
Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for M
Local arbitrary code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and O
Arbitrary code execution in Microsoft PowerPoint (and the broader Microsoft Office/365 suite on Windows and macOS) arise
Local code execution in Microsoft Office PowerPoint (including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, a
Local code execution in Microsoft Office PowerPoint (CWE-122 heap-based buffer overflow) lets an unauthorized attacker r
Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office for
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and Office for Mac 2021/2024)
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44181
GHSA-65x2-ccc4-wp24