Word
Monthly
Microsoft Outlook's unsafe deserialization of untrusted data enables remote attackers to spoof messages and identities without authentication over the network. This vulnerability affects Outlook, Word, and Microsoft 365 Apps, allowing attackers to impersonate legitimate senders and deceive users. No patch is currently available, making this a high-risk threat requiring immediate defensive measures.
Local code execution in Microsoft Office Word (including 365 Apps and SharePoint Server) results from unsafe pointer dereferencing that can be triggered by user interaction with a malicious document. An attacker with local access can exploit this vulnerability to execute arbitrary code with the privileges of the affected user. No patch is currently available for this vulnerability.
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Heap-based buffer overflow vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability requires user interaction (opening a malicious document) but no elevated privileges, making it a significant local code execution threat affecting Word users who open untrusted documents.
Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high severity (CVSS 7.8). The vulnerability requires user interaction (opening a malicious document) but grants complete system compromise through code execution. This is a memory safety issue (CWE-416) in Word's document processing engine that could be actively exploited if public POC becomes available.
Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Microsoft Outlook's unsafe deserialization of untrusted data enables remote attackers to spoof messages and identities without authentication over the network. This vulnerability affects Outlook, Word, and Microsoft 365 Apps, allowing attackers to impersonate legitimate senders and deceive users. No patch is currently available, making this a high-risk threat requiring immediate defensive measures.
Local code execution in Microsoft Office Word (including 365 Apps and SharePoint Server) results from unsafe pointer dereferencing that can be triggered by user interaction with a malicious document. An attacker with local access can exploit this vulnerability to execute arbitrary code with the privileges of the affected user. No patch is currently available for this vulnerability.
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Heap-based buffer overflow vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability requires user interaction (opening a malicious document) but no elevated privileges, making it a significant local code execution threat affecting Word users who open untrusted documents.
Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high severity (CVSS 7.8). The vulnerability requires user interaction (opening a malicious document) but grants complete system compromise through code execution. This is a memory safety issue (CWE-416) in Word's document processing engine that could be actively exploited if public POC becomes available.
Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.