Microsoft
Monthly
Local code execution in Microsoft Office Excel (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) allows an attacker to run arbitrary code in the context of the current user when a victim opens a maliciously crafted spreadsheet. The flaw stems from use of an uninitialized resource (CWE-908) and carries a CVSS 7.8; it requires user interaction (opening the file) and no prior privileges. No public exploit identified at time of analysis, and it is not listed in CISA KEV, but a vendor patch is available.
Local code execution in Microsoft Excel (Office 2016 through Office LTSC 2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) allows an attacker to run arbitrary code when a victim opens a maliciously crafted spreadsheet. The flaw is a heap-based buffer overflow (CWE-122) triggered during file parsing, giving full confidentiality, integrity, and availability impact in the user's context. No public exploit identified at time of analysis, and it is not listed in CISA KEV, so exploitation currently appears theoretical rather than active.
Remote code execution in Microsoft Dynamics NAV 2018 allows an unauthorized, network-based attacker to run arbitrary code by submitting maliciously crafted serialized data that the application deserializes without validation (CWE-502). With a CVSS 9.8 vector requiring no authentication and no user interaction, successful exploitation grants full compromise of the ERP host. Microsoft has released a patch via MSRC; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Arbitrary code execution in Microsoft Office Excel arises from a use-after-free (CWE-416) memory-corruption flaw affecting Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server. The CVSS 3.1 vector (AV:L/UI:R) makes this a user-interaction-dependent, locally-scoped issue: a victim must open a maliciously crafted Excel workbook, after which the attacker gains code execution in the user's security context. No public exploit is identified at time of analysis and it is not listed in CISA KEV, but a vendor patch is available.
Improper neutralization of special elements used in a command ('command injection') in Outlook Copilot allows an authorized attacker to perform tampering over a network.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Privilege escalation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets an already-authenticated network user gain higher privileges by exploiting a missing authorization check (CWE-862). Any low-privileged account with access to the SharePoint web application can abuse the flaw to perform actions reserved for higher-privileged roles, with full confidentiality, integrity, and availability impact per the CVSS 8.8 rating. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Arbitrary code execution in Microsoft PowerPoint (and the broader Microsoft Office/365 suite on Windows and macOS) arises from a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted presentation file. An attacker who cannot log in to the target can still run code in the context of the current user by convincing that user to open the booby-trapped file, giving full confidentiality, integrity, and availability impact on the affected host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Local code execution in Microsoft Office PowerPoint (including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and their macOS variants) arises from a heap-based buffer overflow triggered when a victim opens a maliciously crafted presentation file. Successful exploitation runs attacker-controlled code with the privileges of the current user, yielding full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but Microsoft has released a patch.
Local code execution in Microsoft Office OneNote (Microsoft 365 Apps for Enterprise and Office for Mac editions) arises from a heap-based buffer overflow (CWE-122) that lets an attacker run arbitrary code in the context of the current user when a victim opens a maliciously crafted OneNote file. The CVSS 3.1 score is 7.8 with a local attack vector requiring user interaction (AV:L/UI:R), and impact is total across confidentiality, integrity, and availability. There is no public exploit identified at time of analysis, and CISA SSVC lists exploitation status as none.
Local code execution in Microsoft Office PowerPoint (CWE-122 heap-based buffer overflow) lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted presentation file. The flaw affects a broad Office footprint - PowerPoint 2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and multiple Office for Mac builds - and requires user interaction (opening the file) but no prior privileges. A vendor patch is available via MSRC; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Uninitialized memory disclosure in Microsoft Office exposes sensitive data locally when a user interacts with a crafted document. The vulnerability, rooted in CWE-908 (Use of Uninitialized Resource), affects the full breadth of current Office deployments across Windows and macOS, including Office 2016 through LTSC 2024 and Microsoft 365 Apps for Enterprise. No public exploit code has been identified at time of analysis, and SSVC signals confirm no observed exploitation; however, the High confidentiality impact warrants prompt patching given Office's ubiquitous deployment footprint.
Local code execution in Microsoft Word (Office 2016/2019, Microsoft 365 Apps, Office LTSC 2021/2024) arises from a heap-based buffer overflow triggered when a victim opens a maliciously crafted document. An attacker who convinces a user to open a booby-trapped file can run arbitrary code in that user's context, achieving full compromise of confidentiality, integrity, and availability on the host. No public exploit identified at time of analysis and the flaw is not listed in CISA KEV, though a vendor patch is available per Microsoft's MSRC advisory.
Local code execution in Microsoft Office Word (CWE-416 use-after-free) allows an unauthorized attacker to run arbitrary code in the context of the current user when a victim opens a maliciously crafted document. The flaw affects a broad Office footprint including Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024 (Windows and Mac), and related SharePoint Server products that process Word documents. Microsoft has released a patch; no public exploit has been identified at time of analysis, and neither KEV nor EPSS/POC signals were provided in the input.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, 365 Apps for Enterprise, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by getting a victim to open a maliciously crafted Office document. Rated CVSS 7.8 with high impact to confidentiality, integrity, and availability, exploitation requires user interaction but no prior authentication or privileges. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, but Microsoft has released a patch via the MSRC update guide.
Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Security feature bypass in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) lets a network-based, unauthenticated attacker defeat a weak-authentication protection mechanism (CWE-1390) to gain high-impact access to confidentiality and integrity. Rated CVSS 9.1 with no attacker privileges or user interaction required, this is a serious pre-authentication issue in a widely deployed collaboration platform. Microsoft has published a fix, and there is no public exploit identified at time of analysis.
Local code execution in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, LTSC 2021/2024, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by convincing a user to open a maliciously crafted document. The CVSS 3.1 score is 7.8 (AV:L/AC:L/PR:N/UI:R) with high impact to confidentiality, integrity, and availability, meaning code runs in the context of the current user. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available via MSRC.
Local code execution in Microsoft Office Word (Microsoft 365 Apps, Office 2019/LTSC 2021/2024, Word 2016, and the macOS builds) arises from a stack-based buffer overflow triggered when a victim opens a maliciously crafted document. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows an unauthenticated attacker needs no privileges but does require user interaction, and successful exploitation yields full confidentiality, integrity, and availability impact in the user's security context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
Stored/reflected cross-site scripting in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Edition) lets an authenticated attacker inject script that executes in another user's browser session to spoof content over the network. Although Microsoft classifies the impact as 'spoofing,' the CVSS 3.1 vector rates confidentiality and integrity as High (C:H/I:H), indicating the injected script can access or alter sensitive session data. There is no public exploit identified at time of analysis, and a vendor patch is available.
Arbitrary code execution in Microsoft Office Excel arises from a heap-based buffer overflow (CWE-122) that an attacker triggers when a victim opens a maliciously crafted spreadsheet, running code in the security context of the current user. The flaw spans a broad Office footprint including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the macOS Office editions, and Office Online Server. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; the CVSS 7.8 rating reflects high impact gated by required user interaction.
Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.
Information disclosure in Microsoft Office Excel (2016, Office 2019, LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) lets an attacker read out-of-bounds memory when a victim opens a maliciously crafted spreadsheet, potentially leaking sensitive process data such as memory contents, pointers, or credentials. Rated CVSS 7.1 with a local attack vector requiring user interaction, the flaw stems from a CWE-125 out-of-bounds read in Excel's file parser. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the ubiquity of Excel and Microsoft's confirmed patch make prompt patching important.
Local code execution in Microsoft Excel arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by luring a victim into opening a maliciously crafted spreadsheet, yielding attacker code in the user's security context. It affects a broad Office family including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the macOS editions, and Office Online Server. The CVSS 3.1 base score is 7.8 and the vector requires user interaction (UI:R); there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local code execution in Microsoft Office Excel (across Microsoft 365 Apps, Office 2016/2019, LTSC 2021/2024, Office for Mac, and Office Online Server) stems from a heap-based buffer overflow (CWE-122) that an attacker triggers when a victim opens a maliciously crafted spreadsheet. Rated CVSS 7.8 with no privileges required but mandatory user interaction, successful exploitation yields full confidentiality, integrity, and availability impact in the context of the victim user. There is no public exploit identified at time of analysis and it is not on the CISA KEV list, but Microsoft has released a patch.
Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for Mac) stems from a double free of heap memory (CWE-415) that lets an unauthorized attacker run arbitrary code when a victim opens a malicious document. The flaw was reported by Microsoft, carries CVSS 7.8, and a vendor patch is available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Because exploitation requires the target to open a crafted file (UI:R), it is a user-interaction-gated client-side RCE rather than a remotely-triggerable service bug.
Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-based buffer overflow (CWE-121) that an attacker triggers when a victim opens a maliciously crafted document. The CVSS 3.1 vector (AV:L/UI:R) confirms this is a file-borne, local-context flaw requiring the user to open attacker-supplied content, yielding full confidentiality, integrity, and availability impact in the user's session. No public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch via MSRC.
Local code execution in Microsoft Office Excel (Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, Office Online Server) arises from an out-of-bounds read (CWE-125) that an attacker weaponizes by luring a victim into opening a crafted spreadsheet, yielding code execution in the user's security context. The flaw carries a CVSS 7.8 (AV:L/AC:L/PR:N/UI:R) and requires no privileges but does require user interaction. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Arbitrary code execution in Microsoft Excel (spanning Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server) allows an unauthorized attacker to run code in the victim's context by tricking them into opening a maliciously crafted spreadsheet. The flaw is a heap-based buffer overflow (CWE-122) that executes with the local user's privileges once the file is opened. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
Local code execution in Microsoft Office Word (via a stack-based buffer overflow, CWE-121) lets an attacker run arbitrary code in the context of the user who opens a maliciously crafted document. The flaw affects Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024 (including Mac editions), and the Word component shared with SharePoint Server 2016/2019/Subscription Edition. No public exploit identified at time of analysis, and it is not listed in CISA KEV; exploitation requires the victim to open the attacker's file (UI:R).
Local code execution in Microsoft Excel (Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server) arises from an out-of-bounds read (CWE-125) triggered when a victim opens a maliciously crafted spreadsheet. CVSS 7.8 with high impact to confidentiality, integrity, and availability; no public exploit identified at time of analysis. Exploitation requires user interaction (opening the file) but no prior authentication or privileges on the target beyond the ability to induce the user to open the document.
Local arbitrary code execution in Microsoft Excel arises from a buffer over-read (CWE-126) triggered when a victim opens a maliciously crafted spreadsheet, letting an attacker run code in the context of the current user. The flaw spans Office 2016/2019, Microsoft 365 Apps, Office LTSC 2021/2024 (Windows and Mac) and Office Online Server; a vendor patch is available via MSRC. No public exploit has been identified at time of analysis, and the CVSS 7.8 (AV:L/UI:R) rating reflects that user interaction is required.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) triggered when a user opens a maliciously crafted document. Rated CVSS 7.8 (AV:L/UI:R), an attacker who convinces a victim to open a weaponized file can run arbitrary code in the context of the current user. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local code execution in Microsoft Excel (and the broader Office 2016/2019/LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server family) results from a stack-based buffer overflow triggered when a victim opens a maliciously crafted spreadsheet. An attacker who convinces a user to open a booby-trapped file can run arbitrary code in the context of that user, with full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not on CISA KEV, but the ubiquity of Excel and Microsoft's own advisory make this a routine patch-Tuesday-class priority.
Arbitrary local code execution in Microsoft Office Excel (spanning Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the Office for Mac editions, and Office Online Server) lets an attacker run code in the current user's context when a victim opens a maliciously crafted spreadsheet. The flaw is an untrusted pointer dereference (CWE-822) triggered during file parsing; it requires user interaction but no prior privileges. No public exploit is identified at time of analysis, and a vendor patch is available from Microsoft (MSRC).
Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted Word document that triggers a heap-based buffer overflow. All impacted SKUs - Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024, the macOS Office builds, and SharePoint Server (which renders Office documents server-side) - are affected, and Microsoft has released a patch. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Improper validation of specified type of input in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Untrusted pointer dereference (CWE-822) in Microsoft Excel allows a local attacker to disclose sensitive memory contents when a victim opens a specially crafted workbook. The flaw affects a broad swath of Microsoft Office product lines - from Excel 2016 through Office LTSC 2024 and their Mac counterparts - as confirmed by CPE enumeration. No public exploit code or active exploitation has been identified at time of analysis; SSVC rates exploitation as none and technical impact as partial, placing this in the moderate real-world priority tier despite the C:H CVSS rating.
Local code execution in Microsoft Excel (and the broader Office family including Microsoft 365 Apps for Enterprise, Office 2019/2021/2024 LTSC, Office for Mac, and Office Online Server) stems from a heap-based buffer overflow that triggers when a user opens a maliciously crafted spreadsheet. The CVSS vector (AV:L/AC:L/PR:N/UI:R) indicates an unauthenticated attacker gains full code execution in the victim's context but only after the target opens the file. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available from Microsoft (MSRC CVE-2026-55041).
Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer overflow in the file-parsing path, letting an attacker who convinces a victim to open a crafted document run arbitrary code with the victim's privileges. It affects a broad Office footprint including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, the macOS editions, and SharePoint Server 2016/2019/Subscription Edition. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the 7.8 CVSS and Word's ubiquity make it a routine priority patch.
Local code execution in Microsoft Office Word (across Microsoft 365 Apps, Office 2019/LTSC 2021/2024, Office for Mac, and Word 2016) allows an attacker to run arbitrary code by exploiting a use-after-free memory corruption flaw when a victim opens a maliciously crafted document. The CVSS 3.1 base score is 7.8 with a local attack vector requiring user interaction; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV. Microsoft, which reported the issue itself, has released a patch.
Local arbitrary code execution in Microsoft Office (Microsoft 365 Apps for Enterprise, Office 2016/2019, Office LTSC 2021/2024, and their macOS equivalents) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by convincing a user to open a maliciously crafted Office document. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows the flaw requires user interaction but no prior privileges, yielding full high-impact compromise of confidentiality, integrity, and availability in the user's context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation status is not currently confirmed.
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, 365 Apps, and the macOS builds) stems from an out-of-bounds read in a file-parsing routine that lets a crafted document corrupt memory and run attacker-controlled code in the context of the current user. The same document-parsing components also affect SharePoint Enterprise Server 2016, SharePoint Server 2019, and the Subscription Edition. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis.
Local code execution in Microsoft Excel (and the broader Office suite through Microsoft 365 Apps, Office 2019/2021/2024 LTSC, Office for Mac, and Office Online Server) arises from an integer underflow (CWE-191) in Excel's file parsing, letting an attacker run arbitrary code in the context of the user who opens a maliciously crafted spreadsheet. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows no attacker privileges are needed but the victim must open the file, giving full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Arbitrary code execution in Microsoft Excel (across Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server) arises from a heap-based buffer overflow (CWE-122) that triggers when a victim opens a maliciously crafted spreadsheet. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) confirms this is a local, user-interaction-dependent file-format attack rather than a remote network exploit, yielding code execution in the context of the current user. No public exploit has been identified at time of analysis, and the CVE is not listed in CISA KEV; a Microsoft patch is available.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Cross-site scripting (CWE-79) in on-premises Microsoft SharePoint Server allows an authenticated, low-privileged attacker to inject script that executes in another user's browser session, enabling spoofing across a network. The scope-changed CVSS 3.1 rating of 8.7 (vector AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N) reflects the ability to break out of the vulnerable component's security context and impact victim data. Microsoft has released patches; there is no public exploit identified at time of analysis and CISA SSVC currently records exploitation as none.
Local code execution in Microsoft Excel (spanning Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the macOS Office builds, and Office Online Server) arises from an integer overflow (CWE-190) triggered when the application parses a maliciously crafted spreadsheet. An unauthorized attacker who convinces a victim to open a booby-trapped file can run arbitrary code in the context of the current user, with full confidentiality, integrity, and availability impact per the 7.8 CVSS vector. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Office Excel (spanning Excel 2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, the macOS builds, and Office Online Server) arises from an out-of-bounds read (CWE-125) that an attacker triggers by convincing a user to open a maliciously crafted workbook. The CVSS 3.1 base score is 7.8 with high confidentiality, integrity, and availability impact, but exploitation requires user interaction (opening the file) and no active exploitation or public proof-of-concept has been reported. There is no public exploit identified at time of analysis; Microsoft has released a patch via its Security Update Guide.
Local code execution in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, LTSC 2021/2024, Office for Mac, and SharePoint Server) arises from a heap-based buffer overflow (CWE-122) that an unauthorized attacker triggers when a victim opens a maliciously crafted document. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R) with high confidentiality, integrity, and availability impact, meaning successful exploitation yields full code execution in the context of the current user. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the ubiquity of Office makes it a high-priority patch target.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Local code execution in Microsoft Excel (Microsoft 365 Apps, Office 2019/LTSC 2021/2024, Office for Mac, and Office Online Server) arises from a type-confusion flaw (CWE-843) in how Excel parses spreadsheet content. An attacker who convinces a victim to open a malicious workbook can run arbitrary code in the context of the current user, gaining high confidentiality, integrity, and availability impact. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Local arbitrary code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office for Mac 2021/2024) arises from a type-confusion flaw (CWE-843) that lets an attacker run code in the context of the current user when a victim opens a crafted file. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R) reflecting local vector with required user interaction and high impact to confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor patch is available via MSRC.
Spoofing via stored cross-site scripting in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Edition) allows an authenticated attacker to inject script that executes in another user's browser session across a network. CVSS is 8.7 with a scope change, reflecting that injected content escapes into the victim's authenticated context; there is no public exploit identified at time of analysis and CISA SSVC rates exploitation status as none. A vendor patch is available via Microsoft MSRC.
Cross-site scripting in Microsoft SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition enables an authenticated attacker with low-privilege network access to inject malicious scripts into SharePoint pages, resulting in spoofing impacts when a victim user interacts with the crafted content. The CVSS vector (PR:L/UI:R) confirms exploitation requires both an existing authenticated account and victim interaction, constraining real-world risk relative to unauthenticated XSS variants. No public exploit identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog. Vendor patch is available via the Microsoft Security Response Center.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office for Mac) stems from a use-after-free memory corruption (CWE-416) that an attacker triggers when a victim opens a maliciously crafted document. Rated CVSS 7.8 with high confidentiality, integrity, and availability impact, exploitation requires user interaction but no prior authentication, letting an attacker run arbitrary code in the context of the current user. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a fix, so patching should be prioritized during the normal Patch Tuesday cycle.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Excel (Office 2016 through LTSC 2024, Microsoft 365 Apps, and Mac editions) allows an attacker to run arbitrary code by tricking a user into opening a maliciously crafted spreadsheet that triggers a type-confusion condition in Excel's file parser. The CVSS 3.1 score is 7.8 (High) with the local vector reflecting file-open exploitation rather than remote-network access, and success requires user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Local code execution in Microsoft Office (365 Apps for Enterprise, Office 2016/2019, and Office LTSC 2021/2024) arises from a heap-based buffer overflow that an attacker triggers when a victim opens a maliciously crafted Office document. Successful exploitation yields full confidentiality, integrity, and availability impact in the context of the current user. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the ubiquity of Office and the low attack complexity make this a meaningful patch priority.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and Office for Mac 2021/2024) arises from a use-after-free memory corruption flaw that an attacker triggers by convincing a user to open a maliciously crafted Office document. Successful exploitation runs arbitrary code in the context of the current user, yielding full confidentiality, integrity, and availability impact on the host. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV; Microsoft has published a patch via MSRC.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and the macOS editions) arises from a use-after-free memory-corruption flaw (CWE-416) that lets an attacker run arbitrary code in the context of the current user after the victim opens a maliciously crafted document. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R) with high impact to confidentiality, integrity, and availability, and requires user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor patch is available via MSRC.
Local code execution in Microsoft Office (Microsoft 365 Apps for Enterprise, Office 2016/2019, and Office LTSC 2021/2024) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by convincing a user to open a maliciously crafted Office document. Successful exploitation yields full code execution in the context of the current user, with high impact to confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; SSVC rates current exploitation as none.
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Office Excel (across Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024, and their macOS equivalents) arises from a use-after-free (CWE-416) memory-corruption flaw triggered when a user opens a maliciously crafted spreadsheet. The CVSS vector (AV:L/AC:L/PR:N/UI:R) indicates an unauthenticated attacker can achieve full confidentiality, integrity, and availability impact but requires the victim to open a file, making it a classic phishing-delivered client-side bug. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though Excel memory-corruption bugs are historically attractive targets.
Local code execution in Microsoft Office (including Microsoft 365 Apps for Enterprise, Office 2016/2019, and Office LTSC 2021/2024) stems from a use-after-free memory-corruption flaw (CWE-416). An attacker who convinces a user to open a specially crafted Office document can execute arbitrary code in the context of the current user, gaining full confidentiality, integrity, and availability impact. Exploitation requires user interaction (opening a malicious file) and there is no public exploit identified at time of analysis.
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
Local code execution in the Windows DHCP Client service stems from a use-after-free (CWE-416) memory-corruption flaw affecting a broad range of Windows 10, Windows 11, and Windows Server releases (Server 2012 through Server 2025). Per the CVSS vector an unauthenticated attacker with local access can achieve high-impact code execution with no user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; Microsoft has released a patch through the MSRC update guide.
Uninitialized memory disclosure in the Windows SMB stack allows a locally authenticated attacker to read sensitive contents from uninitialized buffers, affecting Windows 10, Windows 11, and Windows Server 2012 through 2025. The flaw (CWE-908) resides in the SMB subsystem where a resource is consumed before being properly zeroed, leaking residual memory contents to a low-privileged local user. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog; SSVC assessment places exploitation at none with partial technical impact, making this a standard patch-cycle priority rather than an emergency response item.
Local privilege escalation in Windows Runtime (WinRT) across Windows 10, Windows 11, and Windows Server 2019 through 2025 allows an already-authenticated attacker to win a race condition and gain SYSTEM-level privileges. The flaw stems from concurrent access to a shared resource without proper synchronization, and full C:H/I:H/A:H impact indicates complete host compromise once triggered. Reported by Microsoft with a patch available; no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Local privilege escalation in the Windows Clipboard Server (Cliprdr/RDP clipboard virtual channel service) affects a broad range of Windows 10, Windows 11, and Windows Server builds (from 1809 through 11 26H1 and Server 2025). An authenticated local attacker who can trigger a use-after-free (CWE-416) in the service can corrupt memory to run code at elevated (SYSTEM-level) privilege. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; Microsoft has released a patch.
Remote code execution in Microsoft Windows OLE (Object Linking and Embedding) allows an unauthorized network attacker to run arbitrary code by triggering a type-confusion condition (CWE-843) in the OLE component. The flaw affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 R2 through Server 2025, and carries a CVSS 8.1 (High) rating. No privileges or authentication are required per the CVSS vector, though the high attack complexity (AC:H) means exploitation depends on winning a specific timing or memory-state condition; there is no public exploit identified at time of analysis and it is not on CISA KEV.
Local privilege escalation in the Windows Kernel lets an already-authenticated, low-privileged attacker on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 corrupt kernel memory via a use-after-free and gain SYSTEM-level control. The CVSS 3.1 score of 8.8 is elevated by a scope change (S:C), reflecting that kernel compromise crosses the boundary from user context to the OS itself. Microsoft has released a patch; no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Privilege escalation in Microsoft Windows DHCP Server (across Windows Server 2012 through 2025 and Windows 10 1607/1809) allows an authenticated attacker on an adjacent network to elevate privileges by triggering a heap-based buffer overflow (CWE-122). Exploitation yields full confidentiality, integrity, and availability impact (C:H/I:H/A:H) on the affected server, effectively giving the attacker high-privilege control of the DHCP service host. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
Remote code execution in the Microsoft Windows DHCP Server role (Windows Server 2012 through 2025, plus Windows 10 1607/1809) arises from a double-free (CWE-415) condition that an authorized, network-adjacent attacker can trigger to run arbitrary code in the DHCP service context. The CVSS 3.1 vector (AV:N/AC:H/PR:L/UI:N) indicates a network-reachable but high-complexity attack requiring low-level privileges, with full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and no CISA KEV listing, so exploitation appears theoretical rather than active for now.
Denial of service in Windows Active Directory allows an authenticated network attacker to crash or degrade the directory service via an out-of-bounds read (CWE-125). The flaw affects Active Directory across Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2022/2025 including Server Core; there is no public exploit identified at time of analysis. Impact is primarily availability (A:H) with a minor confidentiality leak (C:L), and Microsoft has released a patch.
Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
Local privilege escalation in Microsoft's Windows Hyper-V hypervisor allows an already-authenticated, high-privileged attacker to corrupt heap memory (CWE-122) and elevate to higher privileges on the host. The scope-changed CVSS 3.1 vector (8.2) reflects that a successful exploit can breach the guest/host virtualization boundary, impacting confidentiality, integrity, and availability of the underlying host. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; a Microsoft patch is available.
Local code execution in Microsoft Office Excel (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) allows an attacker to run arbitrary code in the context of the current user when a victim opens a maliciously crafted spreadsheet. The flaw stems from use of an uninitialized resource (CWE-908) and carries a CVSS 7.8; it requires user interaction (opening the file) and no prior privileges. No public exploit identified at time of analysis, and it is not listed in CISA KEV, but a vendor patch is available.
Local code execution in Microsoft Excel (Office 2016 through Office LTSC 2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) allows an attacker to run arbitrary code when a victim opens a maliciously crafted spreadsheet. The flaw is a heap-based buffer overflow (CWE-122) triggered during file parsing, giving full confidentiality, integrity, and availability impact in the user's context. No public exploit identified at time of analysis, and it is not listed in CISA KEV, so exploitation currently appears theoretical rather than active.
Remote code execution in Microsoft Dynamics NAV 2018 allows an unauthorized, network-based attacker to run arbitrary code by submitting maliciously crafted serialized data that the application deserializes without validation (CWE-502). With a CVSS 9.8 vector requiring no authentication and no user interaction, successful exploitation grants full compromise of the ERP host. Microsoft has released a patch via MSRC; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Arbitrary code execution in Microsoft Office Excel arises from a use-after-free (CWE-416) memory-corruption flaw affecting Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server. The CVSS 3.1 vector (AV:L/UI:R) makes this a user-interaction-dependent, locally-scoped issue: a victim must open a maliciously crafted Excel workbook, after which the attacker gains code execution in the user's security context. No public exploit is identified at time of analysis and it is not listed in CISA KEV, but a vendor patch is available.
Improper neutralization of special elements used in a command ('command injection') in Outlook Copilot allows an authorized attacker to perform tampering over a network.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Privilege escalation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets an already-authenticated network user gain higher privileges by exploiting a missing authorization check (CWE-862). Any low-privileged account with access to the SharePoint web application can abuse the flaw to perform actions reserved for higher-privileged roles, with full confidentiality, integrity, and availability impact per the CVSS 8.8 rating. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Arbitrary code execution in Microsoft PowerPoint (and the broader Microsoft Office/365 suite on Windows and macOS) arises from a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted presentation file. An attacker who cannot log in to the target can still run code in the context of the current user by convincing that user to open the booby-trapped file, giving full confidentiality, integrity, and availability impact on the affected host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Local code execution in Microsoft Office PowerPoint (including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and their macOS variants) arises from a heap-based buffer overflow triggered when a victim opens a maliciously crafted presentation file. Successful exploitation runs attacker-controlled code with the privileges of the current user, yielding full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but Microsoft has released a patch.
Local code execution in Microsoft Office OneNote (Microsoft 365 Apps for Enterprise and Office for Mac editions) arises from a heap-based buffer overflow (CWE-122) that lets an attacker run arbitrary code in the context of the current user when a victim opens a maliciously crafted OneNote file. The CVSS 3.1 score is 7.8 with a local attack vector requiring user interaction (AV:L/UI:R), and impact is total across confidentiality, integrity, and availability. There is no public exploit identified at time of analysis, and CISA SSVC lists exploitation status as none.
Local code execution in Microsoft Office PowerPoint (CWE-122 heap-based buffer overflow) lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted presentation file. The flaw affects a broad Office footprint - PowerPoint 2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and multiple Office for Mac builds - and requires user interaction (opening the file) but no prior privileges. A vendor patch is available via MSRC; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Uninitialized memory disclosure in Microsoft Office exposes sensitive data locally when a user interacts with a crafted document. The vulnerability, rooted in CWE-908 (Use of Uninitialized Resource), affects the full breadth of current Office deployments across Windows and macOS, including Office 2016 through LTSC 2024 and Microsoft 365 Apps for Enterprise. No public exploit code has been identified at time of analysis, and SSVC signals confirm no observed exploitation; however, the High confidentiality impact warrants prompt patching given Office's ubiquitous deployment footprint.
Local code execution in Microsoft Word (Office 2016/2019, Microsoft 365 Apps, Office LTSC 2021/2024) arises from a heap-based buffer overflow triggered when a victim opens a maliciously crafted document. An attacker who convinces a user to open a booby-trapped file can run arbitrary code in that user's context, achieving full compromise of confidentiality, integrity, and availability on the host. No public exploit identified at time of analysis and the flaw is not listed in CISA KEV, though a vendor patch is available per Microsoft's MSRC advisory.
Local code execution in Microsoft Office Word (CWE-416 use-after-free) allows an unauthorized attacker to run arbitrary code in the context of the current user when a victim opens a maliciously crafted document. The flaw affects a broad Office footprint including Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024 (Windows and Mac), and related SharePoint Server products that process Word documents. Microsoft has released a patch; no public exploit has been identified at time of analysis, and neither KEV nor EPSS/POC signals were provided in the input.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, 365 Apps for Enterprise, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by getting a victim to open a maliciously crafted Office document. Rated CVSS 7.8 with high impact to confidentiality, integrity, and availability, exploitation requires user interaction but no prior authentication or privileges. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, but Microsoft has released a patch via the MSRC update guide.
Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Security feature bypass in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) lets a network-based, unauthenticated attacker defeat a weak-authentication protection mechanism (CWE-1390) to gain high-impact access to confidentiality and integrity. Rated CVSS 9.1 with no attacker privileges or user interaction required, this is a serious pre-authentication issue in a widely deployed collaboration platform. Microsoft has published a fix, and there is no public exploit identified at time of analysis.
Local code execution in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, LTSC 2021/2024, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by convincing a user to open a maliciously crafted document. The CVSS 3.1 score is 7.8 (AV:L/AC:L/PR:N/UI:R) with high impact to confidentiality, integrity, and availability, meaning code runs in the context of the current user. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available via MSRC.
Local code execution in Microsoft Office Word (Microsoft 365 Apps, Office 2019/LTSC 2021/2024, Word 2016, and the macOS builds) arises from a stack-based buffer overflow triggered when a victim opens a maliciously crafted document. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows an unauthenticated attacker needs no privileges but does require user interaction, and successful exploitation yields full confidentiality, integrity, and availability impact in the user's security context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
Stored/reflected cross-site scripting in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Edition) lets an authenticated attacker inject script that executes in another user's browser session to spoof content over the network. Although Microsoft classifies the impact as 'spoofing,' the CVSS 3.1 vector rates confidentiality and integrity as High (C:H/I:H), indicating the injected script can access or alter sensitive session data. There is no public exploit identified at time of analysis, and a vendor patch is available.
Arbitrary code execution in Microsoft Office Excel arises from a heap-based buffer overflow (CWE-122) that an attacker triggers when a victim opens a maliciously crafted spreadsheet, running code in the security context of the current user. The flaw spans a broad Office footprint including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the macOS Office editions, and Office Online Server. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; the CVSS 7.8 rating reflects high impact gated by required user interaction.
Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.
Information disclosure in Microsoft Office Excel (2016, Office 2019, LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) lets an attacker read out-of-bounds memory when a victim opens a maliciously crafted spreadsheet, potentially leaking sensitive process data such as memory contents, pointers, or credentials. Rated CVSS 7.1 with a local attack vector requiring user interaction, the flaw stems from a CWE-125 out-of-bounds read in Excel's file parser. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the ubiquity of Excel and Microsoft's confirmed patch make prompt patching important.
Local code execution in Microsoft Excel arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by luring a victim into opening a maliciously crafted spreadsheet, yielding attacker code in the user's security context. It affects a broad Office family including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the macOS editions, and Office Online Server. The CVSS 3.1 base score is 7.8 and the vector requires user interaction (UI:R); there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local code execution in Microsoft Office Excel (across Microsoft 365 Apps, Office 2016/2019, LTSC 2021/2024, Office for Mac, and Office Online Server) stems from a heap-based buffer overflow (CWE-122) that an attacker triggers when a victim opens a maliciously crafted spreadsheet. Rated CVSS 7.8 with no privileges required but mandatory user interaction, successful exploitation yields full confidentiality, integrity, and availability impact in the context of the victim user. There is no public exploit identified at time of analysis and it is not on the CISA KEV list, but Microsoft has released a patch.
Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for Mac) stems from a double free of heap memory (CWE-415) that lets an unauthorized attacker run arbitrary code when a victim opens a malicious document. The flaw was reported by Microsoft, carries CVSS 7.8, and a vendor patch is available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Because exploitation requires the target to open a crafted file (UI:R), it is a user-interaction-gated client-side RCE rather than a remotely-triggerable service bug.
Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-based buffer overflow (CWE-121) that an attacker triggers when a victim opens a maliciously crafted document. The CVSS 3.1 vector (AV:L/UI:R) confirms this is a file-borne, local-context flaw requiring the user to open attacker-supplied content, yielding full confidentiality, integrity, and availability impact in the user's session. No public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch via MSRC.
Local code execution in Microsoft Office Excel (Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, Office Online Server) arises from an out-of-bounds read (CWE-125) that an attacker weaponizes by luring a victim into opening a crafted spreadsheet, yielding code execution in the user's security context. The flaw carries a CVSS 7.8 (AV:L/AC:L/PR:N/UI:R) and requires no privileges but does require user interaction. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Arbitrary code execution in Microsoft Excel (spanning Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server) allows an unauthorized attacker to run code in the victim's context by tricking them into opening a maliciously crafted spreadsheet. The flaw is a heap-based buffer overflow (CWE-122) that executes with the local user's privileges once the file is opened. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
Local code execution in Microsoft Office Word (via a stack-based buffer overflow, CWE-121) lets an attacker run arbitrary code in the context of the user who opens a maliciously crafted document. The flaw affects Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024 (including Mac editions), and the Word component shared with SharePoint Server 2016/2019/Subscription Edition. No public exploit identified at time of analysis, and it is not listed in CISA KEV; exploitation requires the victim to open the attacker's file (UI:R).
Local code execution in Microsoft Excel (Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server) arises from an out-of-bounds read (CWE-125) triggered when a victim opens a maliciously crafted spreadsheet. CVSS 7.8 with high impact to confidentiality, integrity, and availability; no public exploit identified at time of analysis. Exploitation requires user interaction (opening the file) but no prior authentication or privileges on the target beyond the ability to induce the user to open the document.
Local arbitrary code execution in Microsoft Excel arises from a buffer over-read (CWE-126) triggered when a victim opens a maliciously crafted spreadsheet, letting an attacker run code in the context of the current user. The flaw spans Office 2016/2019, Microsoft 365 Apps, Office LTSC 2021/2024 (Windows and Mac) and Office Online Server; a vendor patch is available via MSRC. No public exploit has been identified at time of analysis, and the CVSS 7.8 (AV:L/UI:R) rating reflects that user interaction is required.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) triggered when a user opens a maliciously crafted document. Rated CVSS 7.8 (AV:L/UI:R), an attacker who convinces a victim to open a weaponized file can run arbitrary code in the context of the current user. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local code execution in Microsoft Excel (and the broader Office 2016/2019/LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server family) results from a stack-based buffer overflow triggered when a victim opens a maliciously crafted spreadsheet. An attacker who convinces a user to open a booby-trapped file can run arbitrary code in the context of that user, with full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not on CISA KEV, but the ubiquity of Excel and Microsoft's own advisory make this a routine patch-Tuesday-class priority.
Arbitrary local code execution in Microsoft Office Excel (spanning Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the Office for Mac editions, and Office Online Server) lets an attacker run code in the current user's context when a victim opens a maliciously crafted spreadsheet. The flaw is an untrusted pointer dereference (CWE-822) triggered during file parsing; it requires user interaction but no prior privileges. No public exploit is identified at time of analysis, and a vendor patch is available from Microsoft (MSRC).
Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted Word document that triggers a heap-based buffer overflow. All impacted SKUs - Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024, the macOS Office builds, and SharePoint Server (which renders Office documents server-side) - are affected, and Microsoft has released a patch. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Improper validation of specified type of input in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Untrusted pointer dereference (CWE-822) in Microsoft Excel allows a local attacker to disclose sensitive memory contents when a victim opens a specially crafted workbook. The flaw affects a broad swath of Microsoft Office product lines - from Excel 2016 through Office LTSC 2024 and their Mac counterparts - as confirmed by CPE enumeration. No public exploit code or active exploitation has been identified at time of analysis; SSVC rates exploitation as none and technical impact as partial, placing this in the moderate real-world priority tier despite the C:H CVSS rating.
Local code execution in Microsoft Excel (and the broader Office family including Microsoft 365 Apps for Enterprise, Office 2019/2021/2024 LTSC, Office for Mac, and Office Online Server) stems from a heap-based buffer overflow that triggers when a user opens a maliciously crafted spreadsheet. The CVSS vector (AV:L/AC:L/PR:N/UI:R) indicates an unauthenticated attacker gains full code execution in the victim's context but only after the target opens the file. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available from Microsoft (MSRC CVE-2026-55041).
Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer overflow in the file-parsing path, letting an attacker who convinces a victim to open a crafted document run arbitrary code with the victim's privileges. It affects a broad Office footprint including Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, the macOS editions, and SharePoint Server 2016/2019/Subscription Edition. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the 7.8 CVSS and Word's ubiquity make it a routine priority patch.
Local code execution in Microsoft Office Word (across Microsoft 365 Apps, Office 2019/LTSC 2021/2024, Office for Mac, and Word 2016) allows an attacker to run arbitrary code by exploiting a use-after-free memory corruption flaw when a victim opens a maliciously crafted document. The CVSS 3.1 base score is 7.8 with a local attack vector requiring user interaction; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV. Microsoft, which reported the issue itself, has released a patch.
Local arbitrary code execution in Microsoft Office (Microsoft 365 Apps for Enterprise, Office 2016/2019, Office LTSC 2021/2024, and their macOS equivalents) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by convincing a user to open a maliciously crafted Office document. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows the flaw requires user interaction but no prior privileges, yielding full high-impact compromise of confidentiality, integrity, and availability in the user's context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation status is not currently confirmed.
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, 365 Apps, and the macOS builds) stems from an out-of-bounds read in a file-parsing routine that lets a crafted document corrupt memory and run attacker-controlled code in the context of the current user. The same document-parsing components also affect SharePoint Enterprise Server 2016, SharePoint Server 2019, and the Subscription Edition. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis.
Local code execution in Microsoft Excel (and the broader Office suite through Microsoft 365 Apps, Office 2019/2021/2024 LTSC, Office for Mac, and Office Online Server) arises from an integer underflow (CWE-191) in Excel's file parsing, letting an attacker run arbitrary code in the context of the user who opens a maliciously crafted spreadsheet. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows no attacker privileges are needed but the victim must open the file, giving full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Arbitrary code execution in Microsoft Excel (across Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, Office for Mac, and Office Online Server) arises from a heap-based buffer overflow (CWE-122) that triggers when a victim opens a maliciously crafted spreadsheet. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) confirms this is a local, user-interaction-dependent file-format attack rather than a remote network exploit, yielding code execution in the context of the current user. No public exploit has been identified at time of analysis, and the CVE is not listed in CISA KEV; a Microsoft patch is available.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Cross-site scripting (CWE-79) in on-premises Microsoft SharePoint Server allows an authenticated, low-privileged attacker to inject script that executes in another user's browser session, enabling spoofing across a network. The scope-changed CVSS 3.1 rating of 8.7 (vector AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N) reflects the ability to break out of the vulnerable component's security context and impact victim data. Microsoft has released patches; there is no public exploit identified at time of analysis and CISA SSVC currently records exploitation as none.
Local code execution in Microsoft Excel (spanning Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024, the macOS Office builds, and Office Online Server) arises from an integer overflow (CWE-190) triggered when the application parses a maliciously crafted spreadsheet. An unauthorized attacker who convinces a victim to open a booby-trapped file can run arbitrary code in the context of the current user, with full confidentiality, integrity, and availability impact per the 7.8 CVSS vector. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Office Excel (spanning Excel 2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, the macOS builds, and Office Online Server) arises from an out-of-bounds read (CWE-125) that an attacker triggers by convincing a user to open a maliciously crafted workbook. The CVSS 3.1 base score is 7.8 with high confidentiality, integrity, and availability impact, but exploitation requires user interaction (opening the file) and no active exploitation or public proof-of-concept has been reported. There is no public exploit identified at time of analysis; Microsoft has released a patch via its Security Update Guide.
Local code execution in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, LTSC 2021/2024, Office for Mac, and SharePoint Server) arises from a heap-based buffer overflow (CWE-122) that an unauthorized attacker triggers when a victim opens a maliciously crafted document. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R) with high confidentiality, integrity, and availability impact, meaning successful exploitation yields full code execution in the context of the current user. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the ubiquity of Office makes it a high-priority patch target.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Local code execution in Microsoft Excel (Microsoft 365 Apps, Office 2019/LTSC 2021/2024, Office for Mac, and Office Online Server) arises from a type-confusion flaw (CWE-843) in how Excel parses spreadsheet content. An attacker who convinces a victim to open a malicious workbook can run arbitrary code in the context of the current user, gaining high confidentiality, integrity, and availability impact. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Local arbitrary code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office for Mac 2021/2024) arises from a type-confusion flaw (CWE-843) that lets an attacker run code in the context of the current user when a victim opens a crafted file. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R) reflecting local vector with required user interaction and high impact to confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor patch is available via MSRC.
Spoofing via stored cross-site scripting in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Edition) allows an authenticated attacker to inject script that executes in another user's browser session across a network. CVSS is 8.7 with a scope change, reflecting that injected content escapes into the victim's authenticated context; there is no public exploit identified at time of analysis and CISA SSVC rates exploitation status as none. A vendor patch is available via Microsoft MSRC.
Cross-site scripting in Microsoft SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition enables an authenticated attacker with low-privilege network access to inject malicious scripts into SharePoint pages, resulting in spoofing impacts when a victim user interacts with the crafted content. The CVSS vector (PR:L/UI:R) confirms exploitation requires both an existing authenticated account and victim interaction, constraining real-world risk relative to unauthenticated XSS variants. No public exploit identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog. Vendor patch is available via the Microsoft Security Response Center.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office for Mac) stems from a use-after-free memory corruption (CWE-416) that an attacker triggers when a victim opens a maliciously crafted document. Rated CVSS 7.8 with high confidentiality, integrity, and availability impact, exploitation requires user interaction but no prior authentication, letting an attacker run arbitrary code in the context of the current user. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a fix, so patching should be prioritized during the normal Patch Tuesday cycle.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Excel (Office 2016 through LTSC 2024, Microsoft 365 Apps, and Mac editions) allows an attacker to run arbitrary code by tricking a user into opening a maliciously crafted spreadsheet that triggers a type-confusion condition in Excel's file parser. The CVSS 3.1 score is 7.8 (High) with the local vector reflecting file-open exploitation rather than remote-network access, and success requires user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Local code execution in Microsoft Office (365 Apps for Enterprise, Office 2016/2019, and Office LTSC 2021/2024) arises from a heap-based buffer overflow that an attacker triggers when a victim opens a maliciously crafted Office document. Successful exploitation yields full confidentiality, integrity, and availability impact in the context of the current user. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the ubiquity of Office and the low attack complexity make this a meaningful patch priority.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and Office for Mac 2021/2024) arises from a use-after-free memory corruption flaw that an attacker triggers by convincing a user to open a maliciously crafted Office document. Successful exploitation runs arbitrary code in the context of the current user, yielding full confidentiality, integrity, and availability impact on the host. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV; Microsoft has published a patch via MSRC.
Local code execution in Microsoft Office (2016, 2019, LTSC 2021/2024, Microsoft 365 Apps, and the macOS editions) arises from a use-after-free memory-corruption flaw (CWE-416) that lets an attacker run arbitrary code in the context of the current user after the victim opens a maliciously crafted document. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R) with high impact to confidentiality, integrity, and availability, and requires user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor patch is available via MSRC.
Local code execution in Microsoft Office (Microsoft 365 Apps for Enterprise, Office 2016/2019, and Office LTSC 2021/2024) arises from a heap-based buffer overflow (CWE-122) that an attacker triggers by convincing a user to open a maliciously crafted Office document. Successful exploitation yields full code execution in the context of the current user, with high impact to confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; SSVC rates current exploitation as none.
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Local code execution in Microsoft Office Excel (across Microsoft 365 Apps for Enterprise, Office 2019, Office LTSC 2021/2024, and their macOS equivalents) arises from a use-after-free (CWE-416) memory-corruption flaw triggered when a user opens a maliciously crafted spreadsheet. The CVSS vector (AV:L/AC:L/PR:N/UI:R) indicates an unauthenticated attacker can achieve full confidentiality, integrity, and availability impact but requires the victim to open a file, making it a classic phishing-delivered client-side bug. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though Excel memory-corruption bugs are historically attractive targets.
Local code execution in Microsoft Office (including Microsoft 365 Apps for Enterprise, Office 2016/2019, and Office LTSC 2021/2024) stems from a use-after-free memory-corruption flaw (CWE-416). An attacker who convinces a user to open a specially crafted Office document can execute arbitrary code in the context of the current user, gaining full confidentiality, integrity, and availability impact. Exploitation requires user interaction (opening a malicious file) and there is no public exploit identified at time of analysis.
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
Local code execution in the Windows DHCP Client service stems from a use-after-free (CWE-416) memory-corruption flaw affecting a broad range of Windows 10, Windows 11, and Windows Server releases (Server 2012 through Server 2025). Per the CVSS vector an unauthenticated attacker with local access can achieve high-impact code execution with no user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; Microsoft has released a patch through the MSRC update guide.
Uninitialized memory disclosure in the Windows SMB stack allows a locally authenticated attacker to read sensitive contents from uninitialized buffers, affecting Windows 10, Windows 11, and Windows Server 2012 through 2025. The flaw (CWE-908) resides in the SMB subsystem where a resource is consumed before being properly zeroed, leaking residual memory contents to a low-privileged local user. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog; SSVC assessment places exploitation at none with partial technical impact, making this a standard patch-cycle priority rather than an emergency response item.
Local privilege escalation in Windows Runtime (WinRT) across Windows 10, Windows 11, and Windows Server 2019 through 2025 allows an already-authenticated attacker to win a race condition and gain SYSTEM-level privileges. The flaw stems from concurrent access to a shared resource without proper synchronization, and full C:H/I:H/A:H impact indicates complete host compromise once triggered. Reported by Microsoft with a patch available; no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Local privilege escalation in the Windows Clipboard Server (Cliprdr/RDP clipboard virtual channel service) affects a broad range of Windows 10, Windows 11, and Windows Server builds (from 1809 through 11 26H1 and Server 2025). An authenticated local attacker who can trigger a use-after-free (CWE-416) in the service can corrupt memory to run code at elevated (SYSTEM-level) privilege. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; Microsoft has released a patch.
Remote code execution in Microsoft Windows OLE (Object Linking and Embedding) allows an unauthorized network attacker to run arbitrary code by triggering a type-confusion condition (CWE-843) in the OLE component. The flaw affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 R2 through Server 2025, and carries a CVSS 8.1 (High) rating. No privileges or authentication are required per the CVSS vector, though the high attack complexity (AC:H) means exploitation depends on winning a specific timing or memory-state condition; there is no public exploit identified at time of analysis and it is not on CISA KEV.
Local privilege escalation in the Windows Kernel lets an already-authenticated, low-privileged attacker on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 corrupt kernel memory via a use-after-free and gain SYSTEM-level control. The CVSS 3.1 score of 8.8 is elevated by a scope change (S:C), reflecting that kernel compromise crosses the boundary from user context to the OS itself. Microsoft has released a patch; no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Privilege escalation in Microsoft Windows DHCP Server (across Windows Server 2012 through 2025 and Windows 10 1607/1809) allows an authenticated attacker on an adjacent network to elevate privileges by triggering a heap-based buffer overflow (CWE-122). Exploitation yields full confidentiality, integrity, and availability impact (C:H/I:H/A:H) on the affected server, effectively giving the attacker high-privilege control of the DHCP service host. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
Remote code execution in the Microsoft Windows DHCP Server role (Windows Server 2012 through 2025, plus Windows 10 1607/1809) arises from a double-free (CWE-415) condition that an authorized, network-adjacent attacker can trigger to run arbitrary code in the DHCP service context. The CVSS 3.1 vector (AV:N/AC:H/PR:L/UI:N) indicates a network-reachable but high-complexity attack requiring low-level privileges, with full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and no CISA KEV listing, so exploitation appears theoretical rather than active for now.
Denial of service in Windows Active Directory allows an authenticated network attacker to crash or degrade the directory service via an out-of-bounds read (CWE-125). The flaw affects Active Directory across Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2022/2025 including Server Core; there is no public exploit identified at time of analysis. Impact is primarily availability (A:H) with a minor confidentiality leak (C:L), and Microsoft has released a patch.
Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
Local privilege escalation in Microsoft's Windows Hyper-V hypervisor allows an already-authenticated, high-privileged attacker to corrupt heap memory (CWE-122) and elevate to higher privileges on the host. The scope-changed CVSS 3.1 vector (8.2) reflects that a successful exploit can breach the guest/host virtualization boundary, impacting confidentiality, integrity, and availability of the underlying host. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; a Microsoft patch is available.