
Microsoft Excel EUVD-2026-35660

CVE-2026-44817 HIGH
Access of Resource Using Incompatible Type (Type Confusion) (CWE-843)
2026-06-09 secure@microsoft.com GHSA-2p34-ppjg-jr32
7.8
CVSS 3.1 · Vendor: microsoft
Temporal: 6.8

Severity by source

Vendor (microsoft), PRIMARY: 7.8 HIGH, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CIRCL (temporal): 6.8 MEDIUM

Primary rating from Vendor (microsoft).

CVSS Vector (Vendor: microsoft)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch available: Jun 09, 2026 - 19:03 (EUVD)
Analysis Generated: Jun 09, 2026 - 18:31 (vuln.today)
CVE Published: Jun 09, 2026 - 17:17 (nvd), HIGH 7.8

Description (CVE.org)

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Analysis (AI)

Local code execution in Microsoft Office Excel arises from an integer underflow condition that corrupts memory when a malicious spreadsheet is opened. The flaw requires user interaction (UI:R) to trigger but needs no prior authentication, enabling attackers to run arbitrary code in the security context of the victim user. …


Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Craft malicious Excel workbook with underflow trigger
Delivery: Deliver via phishing email or shared link
Exploit: Victim opens file and dismisses Protected View
Execution: Integer underflow corrupts memory in excel.exe
Persist: Hijack control flow to attacker shellcode
Impact: Execute arbitrary code as the user

Vulnerability Assessment (AI)

Exploitation: The victim must open an attacker-supplied Excel workbook in a vulnerable build of Microsoft Office Excel - the CVSS vector confirms local attack vector (AV:L) with required user interaction (UI:R) and no prior authentication (PR:N). …

Risk Assessment: The CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H yields a base score of 7.8 (High), reflecting a local attack vector that nonetheless delivers full confidentiality, integrity, and availability impact once a user opens a crafted file. …

Exploit Scenario: An attacker crafts a malicious Excel workbook that triggers the integer underflow when parsed and delivers it via phishing email, a OneDrive/SharePoint share, or a watering-hole download. When the victim opens the file and dismisses Protected View (or the file is delivered through a trusted channel that bypasses it), the underflow corrupts memory inside excel.exe and yields arbitrary code execution at the user's privilege level, which the attacker uses for initial access and credential theft.

Remediation: Apply the patch available per vendor advisory by installing the corresponding Microsoft Patch Tuesday update for Excel referenced at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44817 across all affected Office channels (Microsoft 365 Apps Current/Monthly Enterprise, Semi-Annual, and standalone Office 2019/2021/2024 builds); exact fix build numbers are listed in that MSRC entry and should be taken from there directly rather than inferred. …

Recommended Action (AI)

Within 24 hours: Conduct inventory of Excel usage patterns; communicate vulnerability advisory to all users emphasizing file source validation and suspicious file reporting. …


CVE-2026-21509 HIGH
7.8 Jan 26

Microsoft Office contains a security feature bypass (CVE-2026-21509, CVSS 7.8) where reliance on untrusted inputs in sec

CVE-2026-21514 HIGH
7.8 Feb 10

Microsoft Office Word contains a security decision bypass (CVE-2026-21514, CVSS 7.8) through reliance on untrusted input

CVE-2025-47957 HIGH POC
8.4 Jun 10

Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary

CVE-2025-27751 HIGH POC
7.8 Apr 08

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (C

CVE-2025-47165 HIGH POC
7.8 Jun 10

Use-after-free vulnerability in Microsoft Office Excel that allows local code execution with high severity (CVSS 7.8). A

CVE-2025-47175 HIGH POC
7.8 Jun 10

Use-after-free vulnerability in Microsoft Office PowerPoint that allows an unauthenticated local attacker to execute arb

CVE-2025-47171 MEDIUM POC
6.7 Jun 10

Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.

CVE-2026-20944 HIGH
8.4 Jan 13

Microsoft Office Word contains an out-of-bounds read vulnerability that enables local code execution on affected systems

CVE-2026-20953 HIGH
8.4 Jan 13

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. [CVSS 8.4 HIGH]

CVE-2026-20952 HIGH
8.4 Jan 13

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. [CVSS 8.4 HIGH]

CVE-2026-45643 HIGH
7.8 Jun 09

Local code execution in Microsoft Office Word arises from an untrusted pointer dereference (CWE-822) that can be trigger

CVE-2026-45486 HIGH
7.8 Jun 09

Local code execution in Microsoft Office Word is possible when a user opens a maliciously crafted document that triggers
