Primary

Context

Microsoft Office Use-After-Free Vulnerability Allowing Local Code Execution

Vulnerability

Patched

A use-after-free vulnerability has been identified in Microsoft Office, which allows an unauthorized attacker to execute code locally. This vulnerability affects multiple Office products, including Office 2016, Office LTSC 2024, Office for Android, and several versions of Office 2019 and 2021. The vulnerability arises from improper memory management, leading to a use-after-free condition that can be exploited to execute arbitrary code.

Impact

Exploitation of this vulnerability could lead to unauthorized local code execution.

Remediation

Users can apply the security update available through the Microsoft Update Catalog or via the Microsoft 365 Apps security update channel. Specific update details can be found in the Microsoft Knowledge Base article 5002730.

Added: Jun 10, 2025, 7:06 PM

Updated: Jun 10, 2025, 7:06 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Office Use-After-Free Vulnerability Allowing Local Code Execution

Vulnerability

Impact

Remediation

Affected Products

Microsoft Office

Microsoft Office LTSC

Microsoft Office for Android

Microsoft 365 Apps

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating