EUVD-2026-22633
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
AnalysisAI
Memory corruption in Microsoft Office Word enables local code execution through a use-after-free flaw affecting Microsoft 365 Apps for Enterprise and Office LTSC 2021/2024 for Windows and Mac. Despite the local attack vector (AV:L), the vulnerability requires no privileges (PR:N) or user interaction (UI:N), allowing unauthorized attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability (CVSS 8.4). …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify and inventory all deployed Microsoft 365 Apps for Enterprise and Office LTSC 2021/2024 instances across Windows and Mac endpoints using asset management tools. Within 7 days: Apply Microsoft vendor-released patch available via Microsoft Security Response Center as of April 2026 to all affected instances; prioritize systems handling sensitive data and privileged user workstations. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today