Primary

Context

Microsoft Office Remote Code Execution Vulnerability

Vulnerability

Patched

A remote code execution vulnerability has been identified in multiple Microsoft Office products, including Office LTSC 2024, Office LTSC 2021, and Microsoft 365 Apps for Enterprise. This vulnerability arises from a use-after-free error, allowing an attacker to execute arbitrary code on the affected system. The issue requires local access and user interaction to exploit.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users can apply the security update available through the Microsoft Update Catalog. Instructions for downloading this update can be found on the Microsoft Office Update Guidance page.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Office Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Microsoft Office LTSC 2024

Microsoft 365 Apps for Enterprise

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating