Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Malicious document must be opened by a user (AV:L, UI:R) with no prior auth (PR:N); reliable overflow yields full code execution in user context, so C/I/A:H and S:U.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
AnalysisAI
Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted Word document that triggers a heap-based buffer overflow. All impacted SKUs - Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024, the macOS Office builds, and SharePoint Server (which renders Office documents server-side) - are affected, and Microsoft has released a patch. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a victim to open an attacker-crafted Word/Office document (UI:R in the CVSS vector), so it is not remotely triggerable without user action; no prior authentication or privileges on the target are needed (PR:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score is 7.8 (High) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H - the 'local' attack vector combined with 'user interaction required' is the classic malicious-document profile: the attacker cannot reach the target over the network directly but instead relies on a user opening a booby-trapped file. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious Word document that triggers the heap overflow and delivers it via phishing email, a shared link, or a web download. When the victim opens the file, the overflow corrupts the heap and executes attacker-supplied code with the user's privileges, giving the attacker a foothold for follow-on actions such as credential theft or lateral movement. … |
| Remediation | Patch available per vendor advisory - apply the Microsoft security update for CVE-2026-55127 as documented at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55127, selecting the fixed build that matches each installed SKU (Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, the Mac editions, and SharePoint Server 2016/2019/Subscription Edition); the input does not include exact fixed build numbers, so retrieve them from the MSRC update guide before deployment. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, create an inventory of all Microsoft Office installations across your organization including Office 2019, Microsoft 365 Apps for Enterprise, Office LTSC 2021/2024, macOS Office editions, and on-premises SharePoint Server. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and the macOS editions) arises
Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-bas
Local code execution in Microsoft Office (including Microsoft 365 Apps for Enterprise, Office 2016/2019, and Office LTSC
Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for M
Local arbitrary code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and O
Arbitrary code execution in Microsoft PowerPoint (and the broader Microsoft Office/365 suite on Windows and macOS) arise
Local code execution in Microsoft Office PowerPoint (including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, a
Local code execution in Microsoft Office PowerPoint (CWE-122 heap-based buffer overflow) lets an unauthorized attacker r
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office for
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and Office for Mac 2021/2024)
Local code execution in Microsoft Word (Office 2016/2019, Microsoft 365 Apps, Office LTSC 2021/2024) arises from a heap-
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44189
GHSA-3hh6-685p-ww7j