Skip to main content

Microsoft Powerpoint 2016

3 CVEs product

Monthly

CVE-2026-55120 HIGH PATCH NEWS Exploit Unlikely This Week

Arbitrary code execution in Microsoft PowerPoint (and the broader Microsoft Office/365 suite on Windows and macOS) arises from a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted presentation file. An attacker who cannot log in to the target can still run code in the context of the current user by convincing that user to open the booby-trapped file, giving full confidentiality, integrity, and availability impact on the affected host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Office 2019 +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55123 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Office PowerPoint (including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and their macOS variants) arises from a heap-based buffer overflow triggered when a victim opens a maliciously crafted presentation file. Successful exploitation runs attacker-controlled code with the privileges of the current user, yielding full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but Microsoft has released a patch.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Office 2019 +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55043 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Office PowerPoint (CWE-122 heap-based buffer overflow) lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted presentation file. The flaw affects a broad Office footprint - PowerPoint 2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and multiple Office for Mac builds - and requires user interaction (opening the file) but no prior privileges. A vendor patch is available via MSRC; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Office 2019 +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Arbitrary code execution in Microsoft PowerPoint (and the broader Microsoft Office/365 suite on Windows and macOS) arises from a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted presentation file. An attacker who cannot log in to the target can still run code in the context of the current user by convincing that user to open the booby-trapped file, giving full confidentiality, integrity, and availability impact on the affected host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office PowerPoint (including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and their macOS variants) arises from a heap-based buffer overflow triggered when a victim opens a maliciously crafted presentation file. Successful exploitation runs attacker-controlled code with the privileges of the current user, yielding full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but Microsoft has released a patch.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office PowerPoint (CWE-122 heap-based buffer overflow) lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted presentation file. The flaw affects a broad Office footprint - PowerPoint 2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and multiple Office for Mac builds - and requires user interaction (opening the file) but no prior privileges. A vendor patch is available via MSRC; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +8
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy