Volerion logoVolerion
Volerion logoVolerion

Microsoft Office Use-After-Free Vulnerability Allowing Local Code Execution

Vulnerability

A use-after-free vulnerability has been identified in Microsoft Office, which allows an unauthorized attacker to execute code locally. This vulnerability affects multiple versions of Microsoft Office, including Office 2016, Office LTSC for Mac 2024, Office LTSC 2024, Office LTSC 2021, and Microsoft 365 Apps for Enterprise. The vulnerability arises from improper memory management, leading to a use-after-free condition that can be exploited to execute arbitrary code.

Impact

Exploitation of this vulnerability could lead to unauthorized local code execution.

Remediation

Users can apply the security update KB5002756 for Microsoft Office 2016 (32-bit and 64-bit editions) or follow the update instructions for Microsoft Office LTSC 2024, LTSC 2021, or Microsoft 365 Apps for Enterprise. For Microsoft Office LTSC for Mac 2021 or 2024, the security update is available through the Mac App Store.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
10.0
exploitability
4.4
remediation
7.7
relevance
0.4
threat
0.0
urgency
2.9
incentive
0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.