Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-40419 (GCVE-0-2026-40419)
Vulnerability from cvelistv5 – Published: 2026-05-12 16:58 – Updated: 2026-05-14 18:08
VLAI?
EPSS
Title
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Summary
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft 365 Apps for Enterprise |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office 2019 |
Affected:
19.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC 2021 |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC 2024 |
Affected:
16.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
Date Public ?
2026-05-12 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T03:56:47.386295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T10:10:43.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft 365 Apps for Enterprise",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office LTSC 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office LTSC 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-05-12T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T18:08:15.695Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40419"
}
],
"title": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-40419",
"datePublished": "2026-05-12T16:58:48.082Z",
"dateReserved": "2026-04-13T00:27:50.799Z",
"dateUpdated": "2026-05-14T18:08:15.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-40419",
"date": "2026-05-14",
"epss": "0.00044",
"percentile": "0.13538"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-40419\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2026-05-12T18:17:20.070\",\"lastModified\":\"2026-05-13T15:34:52.573\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40419\",\"source\":\"secure@microsoft.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-40419\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-13T03:56:47.386295Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-13T10:00:49.594Z\"}}], \"cna\": {\"title\": \"Microsoft Office Click-To-Run Elevation of Privilege Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft 365 Apps for Enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office 2019\", \"versions\": [{\"status\": \"affected\", \"version\": \"19.0.0\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office LTSC 2021\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Office LTSC 2024\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}], \"datePublic\": \"2026-05-12T14:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40419\", \"name\": \"Microsoft Office Click-To-Run Elevation of Privilege Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416: Use After Free\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"19.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"16.0.1\"}, {\"criteria\": \"cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"16.0.1\"}, {\"criteria\": \"cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"16.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-05-13T17:58:42.157Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-40419\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-13T17:58:42.157Z\", \"dateReserved\": \"2026-04-13T00:27:50.799Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2026-05-12T16:58:48.082Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
NCSC-2026-0144
Vulnerability from csaf_ncscnl - Published: 2026-05-12 17:53 - Updated: 2026-05-12 17:53Summary
Kwetsbaarheden verholpen in Microsoft Office
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Microsoft heeft kwetsbaarheden verholpen in diverse Office producten.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om zich voor te doen als andere gebruiker, of willekeurige code uit te voeren met rechten van het slachtoffer en mogelijk toegang te krijgen tot gevoelige gegevens in de context van het slachtoffer.
Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide bestand te openen of link te volgen.
De kwetsbaarheid met kenmerk CVE-2026-33823 is reeds door Microsoft centraal verholpen en slechts toegevoegd ter informatie. Er zijn geen verdere acties benodigd voor deze kwetsbaarheid.
```
Microsoft Teams:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-32185 | 5.50 | Voordoen als andere gebruiker |
| CVE-2026-33823 | 9.60 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Microsoft Office PowerPoint:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-41102 | 7.10 | Voordoen als andere gebruiker |
|----------------|------|-------------------------------------|
M365 Copilot:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-42893 | 7.40 | <Vertaal: Tampering> |
|----------------|------|-------------------------------------|
Microsoft Office Word:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-35440 | 5.50 | Toegang tot gevoelige gegevens |
| CVE-2026-40364 | 8.40 | Uitvoeren van willekeurige code |
| CVE-2026-40366 | 8.40 | Uitvoeren van willekeurige code |
| CVE-2026-40421 | 4.30 | Toegang tot gevoelige gegevens |
| CVE-2026-40361 | 8.40 | Uitvoeren van willekeurige code |
| CVE-2026-40367 | 8.40 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Office for Android:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-42831 | 7.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft Office:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-40363 | 8.40 | Uitvoeren van willekeurige code |
| CVE-2026-40419 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2026-40358 | 8.40 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft Office SharePoint:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-35439 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2026-40368 | 8.00 | Uitvoeren van willekeurige code |
| CVE-2026-33110 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2026-33112 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2026-40357 | 8.80 | Uitvoeren van willekeurige code |
| CVE-2026-40365 | 8.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft Office Excel:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-40360 | 7.80 | Toegang tot gevoelige gegevens |
| CVE-2026-40359 | 7.80 | Uitvoeren van willekeurige code |
| CVE-2026-40362 | 7.80 | Uitvoeren van willekeurige code |
| CVE-2026-42832 | 7.70 | Voordoen als andere gebruiker |
|----------------|------|-------------------------------------|
Microsoft Office Click-To-Run:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2026-40418 | 7.80 | Verkrijgen van verhoogde rechten |
| CVE-2026-35436 | 8.80 | Verkrijgen van verhoogde rechten |
| CVE-2026-40420 | 8.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
```
Oplossingen: Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:
https://portal.msrc.microsoft.com/en-us/security-guidance
Kans: medium
Schade: high
CWE-73: External Control of File Name or Path
CWE-122: Heap-based Buffer Overflow
CWE-125: Out-of-bounds Read
CWE-284: Improper Access Control
CWE-285: Improper Authorization
CWE-416: Use After Free
CWE-502: Deserialization of Untrusted Data
CWE-552: Files or Directories Accessible to External Parties
CWE-822: Untrusted Pointer Dereference
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CWE-908: Use of Uninitialized Resource
CWE-1220: Insufficient Granularity of Access Control
A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.
CWE-502 - Deserialization of Untrusted DataAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.
CWE-502 - Deserialization of Untrusted DataAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.
CWE-502 - Deserialization of Untrusted DataAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.
CWE-502 - Deserialization of Untrusted DataAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.
CWE-502 - Deserialization of Untrusted DataAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
An insufficient granularity of access control vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network.
CWE-1220 - Insufficient Granularity of Access ControlAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
An untrusted pointer dereference vulnerability in Microsoft Office Word enables unauthorized local code execution by attackers.
CWE-822 - Untrusted Pointer DereferenceAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
Microsoft Office Word contains a vulnerability where files or directories accessible to external parties can allow unauthorized attackers to locally disclose sensitive information.
CWE-552 - Files or Directories Accessible to External PartiesAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
An out-of-bounds read vulnerability in Microsoft Office Excel allows an unauthorized local attacker to disclose sensitive information by reading memory beyond intended boundaries.
CWE-125 - Out-of-bounds ReadAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Microsoft Office allows an unauthorized local attacker to execute arbitrary code.
CWE-122 - Heap-based Buffer OverflowAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
A type confusion vulnerability in Microsoft Office Word allows unauthorized local code execution by accessing resources using incompatible types.
CWE-122 - Heap-based Buffer OverflowAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.
CWE-416 - Use After FreeAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
A use-after-free vulnerability in Microsoft Office allows an authorized attacker to locally elevate privileges by exploiting memory management flaws.
CWE-416 - Use After FreeAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
An external control of file name or path vulnerability in Microsoft Office Word enables unauthorized attackers to disclose information over a network.
CWE-73 - External Control of File Name or PathAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
The document highlights a 'use after free' vulnerability in Microsoft Office that allows unauthorized attackers to execute code locally.
CWE-416 - Use After FreeAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
A vulnerability in Microsoft Office Excel, termed 'use after free,' allows unauthorized attackers to execute code locally on affected systems.
CWE-416 - Use After FreeAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.
CWE-416 - Use After FreeAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Microsoft Office Excel enables unauthorized local code execution by an attacker.
CWE-122 - Heap-based Buffer OverflowAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
A use-after-free vulnerability in Microsoft Office Click-To-Run allows an authorized local attacker to elevate privileges on the affected system.
CWE-416 - Use After FreeAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
An insufficient granularity of access control vulnerability in Microsoft Office Click-To-Run allows an authorized local attacker to elevate privileges.
CWE-1220 - Insufficient Granularity of Access ControlAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
An improper access control vulnerability in Microsoft Office Click-To-Run allows an authorized local attacker to elevate privileges on the affected system.
Affected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
A heap-based buffer overflow vulnerability in Microsoft Office allows unauthorized local code execution, posing a significant security risk.
CWE-122 - Heap-based Buffer OverflowAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
An improper access control vulnerability in Microsoft Office PowerPoint enables an authorized local attacker to perform spoofing attacks.
Affected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
Files or directories accessible to external parties in Microsoft Teams can be exploited by unauthorized attackers to perform local spoofing attacks.
CWE-552 - Files or Directories Accessible to External PartiesAffected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
An improper access control vulnerability in Microsoft Office allows a local unauthorized attacker to perform spoofing, potentially compromising the integrity of user interactions.
Affected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
Improper neutralization of special elements in commands within Microsoft 365 Copilot allows unauthorized attackers to perform network tampering.
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')Affected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
An improper authorization vulnerability in Microsoft Teams allows an authorized attacker to disclose sensitive information over a network, potentially leading to unauthorized data exposure.
9.6 (Critical)
Affected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 32-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024 for 64-bit editions
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Outlook for iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Teams for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (32-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016 (64-bit edition)
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
References
27 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Microsoft heeft kwetsbaarheden verholpen in diverse Office producten.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om zich voor te doen als andere gebruiker, of willekeurige code uit te voeren met rechten van het slachtoffer en mogelijk toegang te krijgen tot gevoelige gegevens in de context van het slachtoffer.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide bestand te openen of link te volgen.\n\nDe kwetsbaarheid met kenmerk CVE-2026-33823 is reeds door Microsoft centraal verholpen en slechts toegevoegd ter informatie. Er zijn geen verdere acties benodigd voor deze kwetsbaarheid.\n\n```\nMicrosoft Teams: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-32185 | 5.50 | Voordoen als andere gebruiker | \n| CVE-2026-33823 | 9.60 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office PowerPoint: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-41102 | 7.10 | Voordoen als andere gebruiker | \n|----------------|------|-------------------------------------|\n\nM365 Copilot: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42893 | 7.40 | \u003cVertaal: Tampering\u003e | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Word: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35440 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-40364 | 8.40 | Uitvoeren van willekeurige code | \n| CVE-2026-40366 | 8.40 | Uitvoeren van willekeurige code | \n| CVE-2026-40421 | 4.30 | Toegang tot gevoelige gegevens | \n| CVE-2026-40361 | 8.40 | Uitvoeren van willekeurige code | \n| CVE-2026-40367 | 8.40 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nOffice for Android: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42831 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40363 | 8.40 | Uitvoeren van willekeurige code | \n| CVE-2026-40419 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40358 | 8.40 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office SharePoint: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-35439 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-40368 | 8.00 | Uitvoeren van willekeurige code | \n| CVE-2026-33110 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-33112 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-40357 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-40365 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Excel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40360 | 7.80 | Toegang tot gevoelige gegevens | \n| CVE-2026-40359 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-40362 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-42832 | 7.70 | Voordoen als andere gebruiker | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Click-To-Run: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40418 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-35436 | 8.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40420 | 8.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n```\n",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "External Control of File Name or Path",
"title": "CWE-73"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Files or Directories Accessible to External Parties",
"title": "CWE-552"
},
{
"category": "general",
"text": "Untrusted Pointer Dereference",
"title": "CWE-822"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "general",
"text": "Insufficient Granularity of Access Control",
"title": "CWE-1220"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"title": "Kwetsbaarheden verholpen in Microsoft Office",
"tracking": {
"current_release_date": "2026-05-12T17:53:28.017576Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0144",
"initial_release_date": "2026-05-12T17:53:28.017576Z",
"revision_history": [
{
"date": "2026-05-12T17:53:28.017576Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Microsoft Excel 2016 (32-bit edition)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Microsoft Excel 2016 (64-bit edition)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Microsoft Excel for Android"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Microsoft Office 2016 (32-bit edition)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Microsoft Office 2016 (64-bit edition)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Microsoft Office 2019 for 32-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Microsoft Office 2019 for 64-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2021 for 32-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2021 for 64-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2024 for 32-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2024 for 64-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC for Mac 2021"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC for Mac 2024"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Microsoft Office for Android"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Microsoft Outlook for iOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Microsoft PowerPoint for Android"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Enterprise Server 2016"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Server 2019"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-21"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Server Subscription Edition"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-22"
}
}
],
"category": "product_name",
"name": "Microsoft Teams"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-23"
}
}
],
"category": "product_name",
"name": "Microsoft Teams for Android"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-24"
}
}
],
"category": "product_name",
"name": "Microsoft Word 2016 (32-bit edition)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-25"
}
}
],
"category": "product_name",
"name": "Microsoft Word 2016 (64-bit edition)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-26"
}
}
],
"category": "product_name",
"name": "Office Online Server"
}
],
"category": "vendor",
"name": "Microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-35439",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-35439 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35439.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-35439"
},
{
"cve": "CVE-2026-40368",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40368 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40368.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-40368"
},
{
"cve": "CVE-2026-33110",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-33110 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33110.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-33110"
},
{
"cve": "CVE-2026-33112",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-33112 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33112.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-33112"
},
{
"cve": "CVE-2026-40357",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40357 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40357.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-40357"
},
{
"cve": "CVE-2026-40365",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"notes": [
{
"category": "other",
"text": "Insufficient Granularity of Access Control",
"title": "CWE-1220"
},
{
"category": "description",
"text": "An insufficient granularity of access control vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40365 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40365.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-40365"
},
{
"cve": "CVE-2026-40367",
"cwe": {
"id": "CWE-822",
"name": "Untrusted Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "Untrusted Pointer Dereference",
"title": "CWE-822"
},
{
"category": "description",
"text": "An untrusted pointer dereference vulnerability in Microsoft Office Word enables unauthorized local code execution by attackers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40367 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40367.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-40367"
},
{
"cve": "CVE-2026-35440",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"notes": [
{
"category": "other",
"text": "Files or Directories Accessible to External Parties",
"title": "CWE-552"
},
{
"category": "description",
"text": "Microsoft Office Word contains a vulnerability where files or directories accessible to external parties can allow unauthorized attackers to locally disclose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-35440 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35440.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-35440"
},
{
"cve": "CVE-2026-40360",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds read vulnerability in Microsoft Office Excel allows an unauthorized local attacker to disclose sensitive information by reading memory beyond intended boundaries.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40360 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40360.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-40360"
},
{
"cve": "CVE-2026-40363",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Microsoft Office allows an unauthorized local attacker to execute arbitrary code.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40363 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40363.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-40363"
},
{
"cve": "CVE-2026-40364",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "A type confusion vulnerability in Microsoft Office Word allows unauthorized local code execution by accessing resources using incompatible types.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40364 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40364.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-40364"
},
{
"cve": "CVE-2026-40366",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40366 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40366.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-40366"
},
{
"cve": "CVE-2026-40419",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Microsoft Office allows an authorized attacker to locally elevate privileges by exploiting memory management flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40419 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40419.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-40419"
},
{
"cve": "CVE-2026-40421",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"notes": [
{
"category": "other",
"text": "External Control of File Name or Path",
"title": "CWE-73"
},
{
"category": "description",
"text": "An external control of file name or path vulnerability in Microsoft Office Word enables unauthorized attackers to disclose information over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40421 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40421.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-40421"
},
{
"cve": "CVE-2026-40358",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "The document highlights a \u0027use after free\u0027 vulnerability in Microsoft Office that allows unauthorized attackers to execute code locally.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40358 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40358.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-40358"
},
{
"cve": "CVE-2026-40359",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A vulnerability in Microsoft Office Excel, termed \u0027use after free,\u0027 allows unauthorized attackers to execute code locally on affected systems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40359 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40359.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-40359"
},
{
"cve": "CVE-2026-40361",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40361 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40361.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-40361"
},
{
"cve": "CVE-2026-40362",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Microsoft Office Excel enables unauthorized local code execution by an attacker.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40362 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40362.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-40362"
},
{
"cve": "CVE-2026-40418",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A use-after-free vulnerability in Microsoft Office Click-To-Run allows an authorized local attacker to elevate privileges on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40418 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40418.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-40418"
},
{
"cve": "CVE-2026-35436",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"notes": [
{
"category": "other",
"text": "Insufficient Granularity of Access Control",
"title": "CWE-1220"
},
{
"category": "description",
"text": "An insufficient granularity of access control vulnerability in Microsoft Office Click-To-Run allows an authorized local attacker to elevate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-35436 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35436.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-35436"
},
{
"cve": "CVE-2026-40420",
"notes": [
{
"category": "description",
"text": "An improper access control vulnerability in Microsoft Office Click-To-Run allows an authorized local attacker to elevate privileges on the affected system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40420 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40420.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-40420"
},
{
"cve": "CVE-2026-42831",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in Microsoft Office allows unauthorized local code execution, posing a significant security risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-42831 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42831.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-42831"
},
{
"cve": "CVE-2026-41102",
"notes": [
{
"category": "description",
"text": "An improper access control vulnerability in Microsoft Office PowerPoint enables an authorized local attacker to perform spoofing attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-41102 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-41102.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-41102"
},
{
"cve": "CVE-2026-32185",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"notes": [
{
"category": "other",
"text": "Files or Directories Accessible to External Parties",
"title": "CWE-552"
},
{
"category": "description",
"text": "Files or directories accessible to external parties in Microsoft Teams can be exploited by unauthorized attackers to perform local spoofing attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-32185 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32185.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-32185"
},
{
"cve": "CVE-2026-42832",
"notes": [
{
"category": "description",
"text": "An improper access control vulnerability in Microsoft Office allows a local unauthorized attacker to perform spoofing, potentially compromising the integrity of user interactions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-42832 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42832.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-42832"
},
{
"cve": "CVE-2026-42893",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "description",
"text": "Improper neutralization of special elements in commands within Microsoft 365 Copilot allows unauthorized attackers to perform network tampering.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-42893 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-42893.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-42893"
},
{
"cve": "CVE-2026-33823",
"notes": [
{
"category": "description",
"text": "An improper authorization vulnerability in Microsoft Teams allows an authorized attacker to disclose sensitive information over a network, potentially leading to unauthorized data exposure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-33823 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33823.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26"
]
}
],
"title": "CVE-2026-33823"
}
]
}
GHSA-QM7Q-9QMG-QG28
Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30
VLAI?
Details
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2026-40419"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-12T18:17:20Z",
"severity": "HIGH"
},
"details": "Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-qm7q-9qmg-qg28",
"modified": "2026-05-12T18:30:45Z",
"published": "2026-05-12T18:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40419"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40419"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2026-40419
Vulnerability from fkie_nvd - Published: 2026-05-12 18:17 - Updated: 2026-05-13 15:34
Severity ?
Summary
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally."
}
],
"id": "CVE-2026-40419",
"lastModified": "2026-05-13T15:34:52.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2026-05-12T18:17:20.070",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40419"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
MSRC_CVE-2026-40419
Vulnerability from csaf_microsoft - Published: 2026-05-12 07:00 - Updated: 2026-05-12 07:00Summary
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Severity
Important
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.
CWE-416
- Use After Free
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Office 2019 for 32-bit editions https://aka.ms/OfficeSecurityReleases
Microsoft Office 2019 for 32-bit editions
|
https://aka.ms/OfficeSecurityReleases | ||
|
Microsoft Office 2019 for 64-bit editions https://aka.ms/OfficeSecurityReleases
Microsoft Office 2019 for 64-bit editions
|
https://aka.ms/OfficeSecurityReleases | ||
|
Microsoft 365 Apps for Enterprise for 32-bit Systems https://aka.ms/OfficeSecurityReleases
Microsoft 365 Apps for Enterprise for 32-bit Systems
|
https://aka.ms/OfficeSecurityReleases | ||
|
Microsoft 365 Apps for Enterprise for 64-bit Systems https://aka.ms/OfficeSecurityReleases
Microsoft 365 Apps for Enterprise for 64-bit Systems
|
https://aka.ms/OfficeSecurityReleases | ||
|
Microsoft Office LTSC 2021 for 64-bit editions https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC 2021 for 64-bit editions
|
https://aka.ms/OfficeSecurityReleases | ||
|
Microsoft Office LTSC 2021 for 32-bit editions https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC 2021 for 32-bit editions
|
https://aka.ms/OfficeSecurityReleases | ||
|
Microsoft Office LTSC 2024 for 32-bit editions https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC 2024 for 32-bit editions
|
https://aka.ms/OfficeSecurityReleases | ||
|
Microsoft Office LTSC 2024 for 64-bit editions https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC 2024 for 64-bit editions
|
https://aka.ms/OfficeSecurityReleases |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Office LTSC 2024 for 64-bit editions <https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC 2024 for 64-bit editions
|
<https://aka.ms/OfficeSecurityReleases |
Vendor Fix
fix
|
|
|
Microsoft Office LTSC 2024 for 32-bit editions <https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC 2024 for 32-bit editions
|
<https://aka.ms/OfficeSecurityReleases |
Vendor Fix
fix
|
|
|
Microsoft Office LTSC 2021 for 32-bit editions <https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC 2021 for 32-bit editions
|
<https://aka.ms/OfficeSecurityReleases |
Vendor Fix
fix
|
|
|
Microsoft Office LTSC 2021 for 64-bit editions <https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC 2021 for 64-bit editions
|
<https://aka.ms/OfficeSecurityReleases |
Vendor Fix
fix
|
|
|
Microsoft 365 Apps for Enterprise for 64-bit Systems <https://aka.ms/OfficeSecurityReleases
Microsoft 365 Apps for Enterprise for 64-bit Systems
|
<https://aka.ms/OfficeSecurityReleases |
Vendor Fix
fix
|
|
|
Microsoft 365 Apps for Enterprise for 32-bit Systems <https://aka.ms/OfficeSecurityReleases
Microsoft 365 Apps for Enterprise for 32-bit Systems
|
<https://aka.ms/OfficeSecurityReleases |
Vendor Fix
fix
|
|
|
Microsoft Office 2019 for 64-bit editions <https://aka.ms/OfficeSecurityReleases
Microsoft Office 2019 for 64-bit editions
|
<https://aka.ms/OfficeSecurityReleases |
Vendor Fix
fix
|
|
|
Microsoft Office 2019 for 32-bit editions <https://aka.ms/OfficeSecurityReleases
Microsoft Office 2019 for 32-bit editions
|
<https://aka.ms/OfficeSecurityReleases |
Vendor Fix
fix
|
Threats
Impact
Elevation of Privilege
Exploit Status
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
References
7 references
Acknowledgments
0ccbbf129444eb66344ccafb92b00df4
{
"document": {
"acknowledgments": [
{
"names": [
"0ccbbf129444eb66344ccafb92b00df4"
]
}
],
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40419"
},
{
"category": "self",
"summary": "CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-40419.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability",
"tracking": {
"current_release_date": "2026-05-12T07:00:00.000Z",
"generator": {
"date": "2026-05-12T17:53:08.866Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-40419",
"initial_release_date": "2026-05-12T07:00:00.000Z",
"revision_history": [
{
"date": "2026-05-12T07:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003chttps://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft Office 2019 for 32-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
"product_id": "8"
}
},
{
"category": "product_version",
"name": "https://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft Office 2019 for 32-bit editions https://aka.ms/OfficeSecurityReleases",
"product_id": "11573"
}
}
],
"category": "product_name",
"name": "Microsoft Office 2019 for 32-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003chttps://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft Office 2019 for 64-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
"product_id": "7"
}
},
{
"category": "product_version",
"name": "https://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft Office 2019 for 64-bit editions https://aka.ms/OfficeSecurityReleases",
"product_id": "11574"
}
}
],
"category": "product_name",
"name": "Microsoft Office 2019 for 64-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003chttps://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems \u003chttps://aka.ms/OfficeSecurityReleases",
"product_id": "6"
}
},
{
"category": "product_version",
"name": "https://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems https://aka.ms/OfficeSecurityReleases",
"product_id": "11762"
}
}
],
"category": "product_name",
"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003chttps://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems \u003chttps://aka.ms/OfficeSecurityReleases",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "https://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems https://aka.ms/OfficeSecurityReleases",
"product_id": "11763"
}
}
],
"category": "product_name",
"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003chttps://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft Office LTSC 2021 for 64-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "https://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft Office LTSC 2021 for 64-bit editions https://aka.ms/OfficeSecurityReleases",
"product_id": "11952"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2021 for 64-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003chttps://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft Office LTSC 2021 for 32-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "https://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft Office LTSC 2021 for 32-bit editions https://aka.ms/OfficeSecurityReleases",
"product_id": "11953"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2021 for 32-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003chttps://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft Office LTSC 2024 for 32-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "https://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft Office LTSC 2024 for 32-bit editions https://aka.ms/OfficeSecurityReleases",
"product_id": "12420"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2024 for 32-bit editions"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003chttps://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft Office LTSC 2024 for 64-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "https://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft Office LTSC 2024 for 64-bit editions https://aka.ms/OfficeSecurityReleases",
"product_id": "12421"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2024 for 64-bit editions"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-40419",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.",
"title": "What privileges could be gained by an attacker who successfully exploited this vulnerability?"
},
{
"category": "faq",
"text": "No, the Preview Pane is not an attack vector.",
"title": "Is the Preview Pane an attack vector for this vulnerability?"
}
],
"product_status": {
"fixed": [
"11573",
"11574",
"11762",
"11763",
"11952",
"11953",
"12420",
"12421"
],
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40419"
},
{
"category": "self",
"summary": "CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-40419.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T07:00:00.000Z",
"details": "https://aka.ms/OfficeSecurityReleases:Security Update:https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates",
"product_ids": [
"8",
"7",
"6",
"5",
"4",
"3",
"2",
"1"
],
"url": "https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Elevation of Privilege"
},
{
"category": "exploit_status",
"details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
}
],
"title": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability"
}
]
}
CERTFR-2026-AVI-0584
Vulnerability from certfr_avis - Published: 2026-05-13 - Updated: 2026-05-13
De multiples vulnérabilités ont été découvertes dans Microsoft Office. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5552.1000 | ||
| Microsoft | N/A | Microsoft Excel pour Android versions antérieures à 16.0.19822.20190 | ||
| Microsoft | N/A | Microsoft Outlook pour iOS versions antérieures à 5.2617.1 | ||
| Microsoft | N/A | Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5552.1000 | ||
| Microsoft | N/A | Microsoft Office pour Android versions antérieures à 16.0.19822.20190 | ||
| Microsoft | N/A | Microsoft Office LTSC pour Mac 2024 versions antérieures à 16.109.26051019 | ||
| Microsoft | N/A | Microsoft Office LTSC 2024 pour éditions 64 bits | ||
| Microsoft | N/A | Office Online Server versions antérieures à 16.0.10417.20128 | ||
| Microsoft | N/A | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | N/A | Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5552.1000 | ||
| Microsoft | N/A | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | N/A | Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5552.1000 | ||
| Microsoft | N/A | Microsoft Office LTSC 2024 pour éditions 32 bits | ||
| Microsoft | N/A | Microsoft 365 Copilot pour Android versions antérieures à 16.0.19822.20190 | ||
| Microsoft | N/A | Microsoft PowerPoint pour Android versions antérieures à 16.0.19822.20190 | ||
| Microsoft | N/A | Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5552.1000 | ||
| Microsoft | N/A | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | N/A | Microsoft Office LTSC pour Mac 2021 versions antérieures à 16.109.26051019 | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits | ||
| Microsoft | N/A | Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5552.1000 | ||
| Microsoft | N/A | Microsoft Word pour Android versions antérieures à 16.0.19822.20190 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5552.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel pour Android versions ant\u00e9rieures \u00e0 16.0.19822.20190",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook pour iOS versions ant\u00e9rieures \u00e0 5.2617.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5552.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour Android versions ant\u00e9rieures \u00e0 16.0.19822.20190",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2024 versions ant\u00e9rieures \u00e0 16.109.26051019",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 64 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office Online Server versions ant\u00e9rieures \u00e0 16.0.10417.20128",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5552.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5552.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Copilot pour Android versions ant\u00e9rieures \u00e0 16.0.19822.20190",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint pour Android versions ant\u00e9rieures \u00e0 16.0.19822.20190",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5552.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021 versions ant\u00e9rieures \u00e0 16.109.26051019",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5552.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word pour Android versions ant\u00e9rieures \u00e0 16.0.19822.20190",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-41102",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41102"
},
{
"name": "CVE-2026-40419",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40419"
},
{
"name": "CVE-2026-40421",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40421"
},
{
"name": "CVE-2026-41100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41100"
},
{
"name": "CVE-2026-42893",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42893"
},
{
"name": "CVE-2026-40418",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40418"
},
{
"name": "CVE-2026-40359",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40359"
},
{
"name": "CVE-2026-40364",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40364"
},
{
"name": "CVE-2026-40360",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40360"
},
{
"name": "CVE-2026-40362",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40362"
},
{
"name": "CVE-2026-35440",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35440"
},
{
"name": "CVE-2026-40367",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40367"
},
{
"name": "CVE-2026-40420",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40420"
},
{
"name": "CVE-2026-40363",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40363"
},
{
"name": "CVE-2026-40361",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40361"
},
{
"name": "CVE-2026-41101",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41101"
},
{
"name": "CVE-2026-42832",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42832"
},
{
"name": "CVE-2026-35436",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35436"
},
{
"name": "CVE-2026-40366",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40366"
},
{
"name": "CVE-2026-40358",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40358"
},
{
"name": "CVE-2026-42831",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42831"
}
],
"initial_release_date": "2026-05-13T00:00:00",
"last_revision_date": "2026-05-13T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0584",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Office. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-40418",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40418"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-35440",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35440"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-40363",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40363"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-40421",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40421"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-40367",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40367"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-41100",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41100"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-40366",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40366"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-35436",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35436"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-40361",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40361"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-40364",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40364"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-42832",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42832"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-40359",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40359"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-40419",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40419"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-40358",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40358"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-42893",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42893"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-40360",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40360"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-40420",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40420"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-41101",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41101"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-40362",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40362"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-42831",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42831"
},
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-41102",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41102"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…