EUVD-2025-17762

| CVE-2025-47957 HIGH
2025-06-10 [email protected]
8.4
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17762
PoC Detected
Jul 09, 2025 - 13:33 vuln.today
Public exploit code
CVE Published
Jun 10, 2025 - 17:24 nvd
HIGH 8.4

Tags

Use After Free Microsoft Windows RCE Office Long Term Servicing Channel 365 Apps

Description

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Analysis

Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high privileges. The vulnerability affects Word processing functionality and requires no user interaction, making it a critical local privilege escalation vector. Without confirmed KEV status or public POC availability, real-world exploitation likelihood should be assessed against EPSS data and patch availability from Microsoft security advisories.

Technical Context

This vulnerability is rooted in CWE-416 (Use After Free), a memory safety defect where the Word application attempts to access or manipulate memory that has already been deallocated or freed. This typically occurs in C/C++ codebases like Microsoft Office when object lifecycle management fails—either through improper reference counting, race conditions in multi-threaded code, or incorrect cleanup of dynamically allocated structures in Word's document processing engine. The vulnerability resides in Word's core document parsing or rendering subsystem, likely triggered during document loading or macro processing. The Local Attack Vector (AV:L) and No Privileges Required (PR:N) indicate exploitation requires code execution context on the target machine, but not administrative elevation to trigger the initial flaw.

Affected Products

Specific version information is not provided in the CVE description or references field. Based on vulnerability type and vendor, likely affected products include: Microsoft Office Word (2016, 2019, 2021, Office 365 subscription versions). Precise CPE strings would be: cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:* or cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:* (specific version range requires Microsoft Security Advisory). Consult Microsoft's official security bulletin (typically published on Microsoft Security Update Guide at portal.msrc.microsoft.com) for exact affected builds and version numbers. Updates are generally released through Windows Update, Microsoft Update, or Office 365 automatic patching.

Remediation

1. PATCH: Apply the latest Microsoft Office security update from Microsoft Security Update Guide (portal.msrc.microsoft.com). Filter by CVE-2025-47957 to identify applicable KB articles and patch versions. 2. INTERIM MITIGATIONS (if patch unavailable): Restrict local access to systems running Word; disable macros and ActiveX controls; enforce application whitelisting to prevent arbitrary code execution; monitor for suspicious Word process behavior (e.g., spawning shells or loading unexpected libraries). 3. DETECTION: Monitor process creation, memory access patterns, and file operations initiated by winword.exe; log document opens from untrusted sources. 4. DEPLOYMENT: Prioritize patching multi-user systems, shared workstations, and kiosks where local code execution is high-risk.

Priority Score

63
Low Medium High Critical
KEV: 0
EPSS: +0.7
CVSS: +42
POC: +20

Share

EUVD-2025-17762 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy