Primary

Context

Microsoft Office Word Heap-Based Buffer Overflow Vulnerability Allowing Information Disclosure

Vulnerability

A heap-based buffer overflow vulnerability has been identified in Microsoft Office Word. This vulnerability allows an unauthorized attacker to locally disclose information by exploiting the buffer overflow. The issue arises when Word processes a malicious file, potentially leading to the unauthorized reading of heap memory.

Impact

Exploitation of this vulnerability could result in unauthorized local information disclosure, allowing an attacker to read portions of heap memory.

Remediation

Users can download the security update for this vulnerability through the Microsoft Update Catalog. For Microsoft Office LTSC 2021, 2024, and Microsoft 365 for Mac, the security updates will be released as soon as possible, with customers being notified when they are available.

Added: Jun 9, 2026, 7:01 PM

Updated: Jun 9, 2026, 7:01 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.2

remediation

7.7

relevance

9.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.2

remediation

7.7

relevance

9.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Office Word Heap-Based Buffer Overflow Vulnerability Allowing Information Disclosure

Vulnerability

Impact

Remediation

Affected Products

Microsoft Office

Microsoft Office 365

Microsoft Office LTSC

Microsoft 365 Apps

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating