Microsoft 365 Apps
Moderate fix1 remedy
cpe:2.3:a:microsoft:365_apps:*:*:*:*:*:*:*
Moderate fix1 remedy
Microsoft Office Heap-Based Buffer Overflow Vulnerability Allowing Local Code Execution
Vulnerability
A heap-based buffer overflow vulnerability has been identified in Microsoft Office. This vulnerability allows an unauthorized attacker to execute code locally. It affects multiple versions of Microsoft Office, including Microsoft 365 Apps for Enterprise, Microsoft Office 2019, Microsoft Office LTSC 2021, and various SharePoint Server editions. The vulnerability requires user interaction, as an attacker must send a malicious Office file and convince the user to open it.
Impact
Exploitation of this vulnerability could lead to unauthorized code execution on the affected system.
Remediation
Users can download the security update for this vulnerability through the Microsoft Update Catalog. For Microsoft Office LTSC and Microsoft 365 for Mac, the security update will be released as soon as possible, and customers will be notified via a revision to the CVE information.
Added: Jun 9, 2026, 7:14 PM
Updated: Jun 9, 2026, 7:14 PM
Vulnerability Rating
Custom Algorithm
spread
9.0impact
10.0exploitability
3.6remediation
7.7relevance
9.4threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.