Microsoft Windows Server 2012
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in Inbox COM Objects, allowing an unauthorized attacker to execute code locally. The vulnerability arises from improper memory management and can be exploited by sending a malicious file to the user and convincing them to open it. Successful exploitation requires winning a race condition, which adds to the complexity of an attack.
Exploitation of this vulnerability allows for remote code execution on the affected system.
Users can apply the security update for this vulnerability, which is included in the October 2025 Monthly Rollup, available through the Microsoft Update Catalog.