Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Malicious document must be opened locally by the user (AV:L, UI:R) with no prior privileges (PR:N); memory-corruption RCE in the user's context yields full C/I/A impact, scope unchanged.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
AnalysisAI
Local code execution in Microsoft Office Word (via a stack-based buffer overflow, CWE-121) lets an attacker run arbitrary code in the context of the user who opens a maliciously crafted document. The flaw affects Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024 (including Mac editions), and the Word component shared with SharePoint Server 2016/2019/Subscription Edition. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to open or preview an attacker-crafted Word document on an unpatched Office/Microsoft 365 build (the UI:R user-interaction requirement is the primary limiting factor); no attacker authentication or prior privileges are needed (PR:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, base 7.8) describes the classic 'open a malicious document' pattern: local attack vector, no privileges required, but mandatory user interaction, with high impact to confidentiality, integrity, and availability limited to the current user's context (scope unchanged). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker emails a crafted Word document (or hosts it on a shared/SharePoint site) and social-engineers the target into opening it; the malformed structure overflows a stack buffer in Word's parser and executes attacker-supplied code as the current user, enabling malware installation or credential theft. Given AV:L and UI:R, the attack hinges on delivery and convincing the victim to open the file rather than any network-service exploitation. … |
| Remediation | Patch available per vendor advisory - apply the Microsoft security update referenced at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55055 across all affected Office/Microsoft 365 channels and the impacted SharePoint Server editions (2016, 2019, Subscription Edition); exact fixed build numbers are listed in that MSRC entry and should be matched to each deployed channel. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: inventory all Microsoft Office installations (Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021 and 2024 on Windows and Mac, and SharePoint Server 2016/2019/Subscription Edition); alert users to avoid opening Office documents from untrusted external sources; verify email gateway filtering is active. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and the macOS editions) arises
Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-bas
Local code execution in Microsoft Office (including Microsoft 365 Apps for Enterprise, Office 2016/2019, and Office LTSC
Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for M
Local arbitrary code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and O
Arbitrary code execution in Microsoft PowerPoint (and the broader Microsoft Office/365 suite on Windows and macOS) arise
Local code execution in Microsoft Office PowerPoint (including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, a
Local code execution in Microsoft Office PowerPoint (CWE-122 heap-based buffer overflow) lets an unauthorized attacker r
Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office for
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and Office for Mac 2021/2024)
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44196
GHSA-pwfq-7wq2-v4wr