Microsoft Windows Inbox COM Objects Use-After-Free Vulnerability Leading to Local Remote Code Execution

Vulnerability

A use-after-free vulnerability has been identified in Inbox COM Objects, which allows an unauthorized attacker to execute code locally. This vulnerability arises from a memory management issue where an object can be accessed after it has been freed, potentially leading to arbitrary code execution.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users can apply the security update KB5066836 for Windows Server 2016, Windows 10 Version 1607, and various other Windows 11 and Windows Server versions. This update is available through the Microsoft Update Catalog.

Added: Oct 14, 2025, 7:16 PM
Updated: Oct 14, 2025, 9:32 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.0
remediation: 0.0
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.