Volerion logoVolerion
Volerion logoVolerion

Microsoft Office Heap-Based Buffer Overflow Vulnerability Allowing Local Code Execution

Vulnerability

A heap-based buffer overflow vulnerability has been identified in Microsoft Office. This vulnerability allows an unauthorized attacker to execute code locally. It affects multiple Office products, including Microsoft 365 Apps for Enterprise, Microsoft Office 2019, Microsoft Office 2016, and various Office LTSC versions for both Windows and Mac. The vulnerability arises from a heap-based buffer overflow, which can be exploited to execute arbitrary code on the affected system.

Impact

Exploitation of this vulnerability could lead to unauthorized local code execution on the affected system.

Remediation

Security updates for this vulnerability are available for Microsoft 365 Apps for Enterprise, Microsoft Office 2019, and Microsoft Office 2016. For Microsoft Office LTSC 2021 and 2024, as well as Microsoft Office for Android, the security updates will be released as soon as possible. Customers will be notified when these updates are available.

Added: Jun 9, 2026, 6:49 PM
Updated: Jun 9, 2026, 6:49 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
7.5
exploitability
4.1
remediation
7.7
relevance
9.6
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.