Primary

Context

Microsoft Office Heap-Based Buffer Overflow Vulnerability Allowing Local Code Execution

Vulnerability

Patched

A heap-based buffer overflow vulnerability has been identified in Microsoft Office. This vulnerability allows an unauthorized attacker to execute code locally. It affects several different versions and editions of Microsoft Office, including Office 2016, Office 2019, Office 2021, and various LTSC for Mac versions. The vulnerability can be exploited through the Preview Pane.

Impact

Exploitation of this vulnerability could lead to remote code execution on the affected system.

Remediation

Users can download the security update for this vulnerability through the Microsoft Update Catalog. For Microsoft Office LTSC for Mac 2021 and 2024, security updates will be released as soon as possible, with customers being notified via a revision to the CVE information.

Added: Sep 9, 2025, 6:06 PM

Updated: Sep 9, 2025, 6:06 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

4.4

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

4.4

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Office Heap-Based Buffer Overflow Vulnerability Allowing Local Code Execution

Vulnerability

Impact

Remediation

Affected Products

Microsoft Office

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating