Primary

Context

Microsoft Office Type Confusion Vulnerability Leading to Remote Code Execution

Vulnerability

A type confusion vulnerability has been identified in Microsoft Office applications, including Outlook and Word. This vulnerability allows an unauthorized attacker to execute code locally. It arises from the improper handling of resources, enabling the execution of malicious code.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users can download the security update for this vulnerability through the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles linked in the Security Updates table.

Added: Jun 9, 2026, 7:04 PM

Updated: Jun 9, 2026, 7:04 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

2.7

remediation

7.7

relevance

9.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

2.7

remediation

7.7

relevance

9.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Office Type Confusion Vulnerability Leading to Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

Microsoft Word

Microsoft Office LTSC

Microsoft SharePoint Server

Microsoft 365 Apps

Microsoft Office

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating