Microsoft Office 2019
Monthly
Use-after-free memory corruption in Microsoft PowerPoint (versions 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise) enables local code execution when users open malicious files. An attacker with no privileges can achieve full system compromise (high confidentiality, integrity, and availability impact) by convincing a user to open a crafted PowerPoint document. Vendor patch available via Microsoft Security Response Center. No public exploit code or confirmed active exploitation (CISA KEV) identified at time of analysis, though the CVSS 7.8 rating reflects high severity for local attack scenarios.
Microsoft Excel use-after-free vulnerability (CWE-416) enables arbitrary code execution when a user opens a specially crafted Excel file. Affects Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024 (Windows and Mac), and Office Online Server. CVSS 7.8 (High); exploitation requires local access and user interaction but no authentication. No public exploit identified at time of analysis. Microsoft released patches addressing all affected product lines per MSRC update guide.
Use-after-free vulnerability in Microsoft Office Excel enables local code execution when users open maliciously crafted Excel files. Affects all major Office versions including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024 (Windows and Mac), and Office Online Server. Attack requires no authentication (PR:N) but demands user interaction (opening a weaponized document). CVSS 7.8 (High) reflects significant impact potential (code execution with high confidentiali
Use-after-free memory corruption in Microsoft Excel across Office 2016-2024 and Microsoft 365 enables local code execution when a user opens a malicious spreadsheet. Attackers must craft a weaponized Excel file and trick users into opening it, after which arbitrary code runs with the victim's privileges. No authentication is required, though user interaction is necessary. Exploitation probability remains moderate (CVSS 7.8) with no confirmed active exploitation (no CISA KEV listing) and no publi
Use-after-free memory corruption in Microsoft Office (versions 2016 through LTSC 2024, including Microsoft 365 Apps for Enterprise) enables local code execution with no authentication or user interaction required. Attackers with local system access can execute arbitrary code with high impact to confidentiality, integrity, and availability (CVSS 8.4). No public exploit identified at time of analysis. Vendor-released patch available via Microsoft Security Response Center for all affected versions.
Microsoft Excel memory corruption via use-after-free enables arbitrary code execution when victims open malicious spreadsheet files. This vulnerability affects all major Office deployments including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, and Office LTSC 2021/2024 for both Windows and macOS, as well as Office Online Server. Attackers require user interaction to open a crafted file, but no authentication is needed (CVSS PR:N), making this exploitable through phishing or file-sharing attacks. Vendor patches are available through Microsoft Security Response Center. No public exploit or active exploitation confirmed at time of analysis, though the straightforward attack vector (local file + user click) and high impact (code execution with full system privileges) warrant prompt patching.
Out-of-bounds read vulnerability (CWE-125) in Microsoft Excel allows local attackers to disclose sensitive memory contents and cause denial of service through maliciously crafted spreadsheet files with user interaction. Affects Microsoft Office 2016/2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office Online Server across Windows and macOS platforms. CVSS 7.1 reflects high confidentiality and availability impact with low attack complexity; exploitation requires local access and user interaction. No public exploit identified at time of analysis. Vendor-released patches available through Microsoft Security Response Center covering all affected Office product lines.