Skip to main content

Microsoft Office EUVDEUVD-2026-35508

| CVE-2026-47635 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-06-09 secure@microsoft.com GHSA-qx8j-c4w9-7qr2
8.4
CVSS 3.1 · Vendor: microsoft
Temporal: 7.3
Share

Severity by source

Vendor (microsoft) PRIMARY
8.4 HIGH
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
7.3 HIGH
cvss

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 09, 2026 - 17:54 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 8.4

DescriptionCVE.org

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

AnalysisAI

Local code execution in Microsoft Office stems from a type confusion condition (CWE-122 heap-based memory corruption per tags) that allows an unauthorized attacker to run arbitrary code on the host. The CVSS 8.4 vector indicates local attack vector with no privileges or user interaction required, and no public exploit is identified at time of analysis. The flaw was reported by Microsoft's MSRC and disclosed via the official update guide.

Technical ContextAI

The vulnerability is rooted in CWE-122 (heap-based buffer overflow) realized through a type confusion primitive - Office code accesses a memory resource as one type when it was actually allocated or initialized as another, causing out-of-bounds heap reads/writes that corrupt adjacent objects (function pointers, vtables, or COM interfaces). Microsoft Office's document parsers (Word, Excel, PowerPoint, Outlook preview pane) historically expose this class of bug via complex binary formats (OLE/CFB, OOXML embedded objects, RTF, EMF) and embedded scripting/COM type marshaling. Successful triggering of the type confusion grants attacker-controlled writes that pivot to native code execution within the Office process context.

RemediationAI

Patch available per vendor advisory - apply the Microsoft security update for CVE-2026-47635 published through the MSRC Update Guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47635 via Microsoft Update, WSUS, Intune, or Click-to-Run channels as appropriate for each Office edition; specific KB/build numbers were not included in the input data and must be retrieved from the advisory. As compensating controls until patching completes, enforce Protected View for files from the Internet and Outlook attachments (side effect: users must explicitly enable editing, breaking some macro-driven workflows), enable Attack Surface Reduction rules such as 'Block Office applications from creating child processes' and 'Block Office applications from injecting code into other processes' via Microsoft Defender (side effect: may interfere with legitimate add-ins or automation), block inbound Office document file types at the email gateway or quarantine for sandbox detonation (side effect: business friction with external partners), and disable embedded object/OLE handling via Group Policy for the affected file formats where business processes permit (side effect: breaks documents that rely on embedded spreadsheets or charts).

CVE-2026-45643 HIGH
7.8 Jun 09

Local code execution in Microsoft Office Word arises from an untrusted pointer dereference (CWE-822) that can be trigger

CVE-2026-45486 HIGH
7.8 Jun 09

Local code execution in Microsoft Office Word is possible when a user opens a maliciously crafted document that triggers

CVE-2026-45475 HIGH
7.8 Jun 09

Local code execution in Microsoft Office is possible through a heap-based buffer overflow (CWE-122) that an unauthentica

CVE-2026-45471 HIGH
7.8 Jun 09

Local code execution in Microsoft Office Word enables an attacker to run arbitrary code in the context of the current us

CVE-2026-45457 HIGH
7.8 Jun 09

Local code execution in Microsoft Office Word is possible through an untrusted pointer dereference (CWE-125 out-of-bound

CVE-2026-44824 HIGH
7.8 Jun 09

Local code execution in Microsoft Office is possible through a heap-based buffer overflow (CWE-122) that triggers when a

CVE-2026-44819 HIGH
7.8 Jun 09

Local code execution in Microsoft Office is possible when a user opens a maliciously crafted document that triggers a he

CVE-2026-45456 HIGH
8.4 Jun 09

Local code execution in Microsoft Office stems from a type confusion (CWE-843) flaw that allows an unauthenticated attac

CVE-2026-45463 HIGH
8.4 Jun 09

Local code execution in Microsoft Office is possible via a heap-based buffer overflow that an unauthorized attacker can

CVE-2026-45474 HIGH
8.4 Jun 09

Local code execution in Microsoft Office is possible through a heap-based buffer overflow that an unauthorized attacker

CVE-2026-45472 HIGH
8.4 Jun 09

Local code execution in Microsoft Office via a heap-based buffer overflow allows an unauthorized attacker to run arbitra

CVE-2026-45461 HIGH
8.4 Jun 09

Local code execution in Microsoft Office via a heap-based buffer overflow that lets an unauthorized attacker run arbitra

Share

EUVD-2026-35508 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy