Primary

Context

Microsoft Office Heap-Based Buffer Overflow Vulnerability Allowing Local Code Execution

Vulnerability

A heap-based buffer overflow vulnerability has been identified in Microsoft Office. This vulnerability allows an unauthorized attacker to execute code locally. It affects multiple Office products, including Office 2016, Office 2019, Office 2021, Office LTSC 2021, Office LTSC 2024, and various versions of Office for Mac and Office for Android.

Impact

Exploitation of this vulnerability could lead to unauthorized local code execution.

Remediation

Security updates are available for Microsoft Office 2016, Office 2019, Office 2021, and Microsoft 365 Apps for Enterprise. For Microsoft Office LTSC 2021 and 2024 for Mac, the security updates will be released as soon as possible. Instructions for downloading the security updates can be found on the Microsoft Office Update page.

Added: Jun 9, 2026, 6:50 PM

Updated: Jun 9, 2026, 6:50 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

2.7

remediation

7.7

relevance

9.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

2.7

remediation

7.7

relevance

9.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Office Heap-Based Buffer Overflow Vulnerability Allowing Local Code Execution

Vulnerability

Impact

Remediation

Affected Products

Microsoft Office

Microsoft Office 365

Microsoft Office LTSC

Microsoft 365 Apps

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating