Microsoft Office Heap-Based Buffer Overflow Vulnerability Allowing Local Code Execution

Vulnerability

A heap-based buffer overflow vulnerability has been identified in Microsoft Office. This vulnerability allows an unauthorized attacker to execute code locally. It affects multiple versions of Microsoft Office, including Office 2016, Office 2019, Office 2021, Office LTSC 2021, Office LTSC 2024, and various Microsoft 365 applications. The vulnerability can be exploited through the Preview Pane.

Impact

Exploitation of this vulnerability could lead to unauthorized local code execution.

Remediation

Security updates for this vulnerability are available for Microsoft Office 2016, Office 2019, Office LTSC 2021, and Microsoft 365 Apps for Enterprise. However, the security updates for Microsoft Office LTSC 2024 and Microsoft Office for Android are not yet available. Instructions for downloading the security updates can be found on the Microsoft Update Catalog.

Added: Jun 9, 2026, 6:58 PM
Updated: Jun 9, 2026, 6:58 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 7.5
exploitability: 2.7
remediation: 7.7
relevance: 9.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.