Volerion logoVolerion
Volerion logoVolerion

Microsoft Office Heap-Based Buffer Overflow Vulnerability Allowing Local Code Execution

Vulnerability

A heap-based buffer overflow vulnerability has been identified in Microsoft Office. This vulnerability allows an unauthorized attacker to execute code locally. It affects multiple versions of Microsoft Office, including Office 2016, Office 2019, Office LTSC 2021, Office LTSC 2024, and Microsoft 365 Apps for Enterprise, both for Windows and Mac. The vulnerability can be exploited through the Preview Pane.

Impact

Exploitation of this vulnerability could lead to unauthorized local code execution.

Remediation

Security updates for this vulnerability are available for Microsoft Office 2016, Office 2019, Office LTSC 2021, and Microsoft 365 Apps for Enterprise. For Microsoft Office LTSC 2024 and the Office 365 suite for Mac, the updates will be released as soon as possible. Instructions for downloading the security updates can be found on the Microsoft Update Catalog.

Added: Jun 9, 2026, 7:00 PM
Updated: Jun 9, 2026, 7:00 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
10.0
exploitability
2.7
remediation
7.7
relevance
9.4
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.