MSRC Microsoft Office vulnerabilities
15 known vulnerabilities affecting msrc/microsoft_office.
Total CVEs: 15
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 8, MEDIUM 4, LOW 1
Vulnerabilities
CVE-2026-24285 HIGH CVSS 7.0 2026-03-10
CVE-2026-24285 [HIGH] CWE-416 Win32k Elevation of Privilege Vulnerability
Description: Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain administrator privileges.
FAQ: Is the Preview Pane an attack vector for this vulnerability?
No, the Previ
CVE-2026-25180 MEDIUM CVSS 5.5 2026-03-10
CVE-2026-25180 [MEDIUM] CWE-125 Windows Graphics Component Information Disclosure Vulnerability
Description: Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
A user would need to be tricked into opening a folder that contains a specially crafted file.
CVE-2026-20846 HIGH CVSS 7.5 2026-02-10
CVE-2026-20846 [HIGH] CWE-126 GDI+ Denial of Service Vulnerability
Description: Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.
Windows GDI+: Windows GDI+
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB507
CVE-2025-60724 CRITICAL CVSS 9.8 2025-11-11
CVE-2025-60724 [CRITICAL] CWE-122 GDI+ Remote Code Execution Vulnerability
Description: Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
FAQ: Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
FAQ: According to the CVSS metric, the attack vector is network (AV:N). How could an attacker exploit the vulnerability?
An attacker
CVE-2016-9535 MEDIUM CVSS 4.0 2025-10-14
CVE-2016-9535 [CRITICAL] CWE-1395 MITRE CVE-2016-9535: LibTIFF Heap Buffer Overflow Vulnerability
Description: tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
MITRE created this CVE on their behalf. The
CVE-2025-53799 MEDIUM CVSS 5.5 2025-09-09
CVE-2025-53799 [MEDIUM] CWE-908 Windows Imaging Component Information Disclosure Vulnerability
Description: Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
FAQ: What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
FAQ: According to
CVE-2025-53766 CRITICAL CVSS 9.8 2025-08-12
CVE-2025-53766 [CRITICAL] CWE-122 GDI+ Remote Code Execution Vulnerability
Description: Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
FAQ: According to the CVSS metric, the privilege required is none (PR:N) and user interaction is none (UI:N). What does that mean for this vulnerability?
An attacker doesn't require any privileges on the systems hosting the web services. Successful exploitation
CVE-2025-30388 HIGH CVSS 7.8 2025-05-13
CVE-2025-30388 [HIGH] CWE-122 Windows Graphics Component Remote Code Execution Vulnerability
Description: Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type o
CVE-2025-26687 HIGH CVSS 7.5 2025-04-08
CVE-2025-26687 [HIGH] CWE-416 Win32k Elevation of Privilege Vulnerability
Description: Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
FAQ: Are the updates for Windows 10 for x64-based Systems and Windows
CVE-2025-21338 HIGH CVSS 7.8 2025-01-14
CVE-2025-21338 [HIGH] CWE-190 GDI+ Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code
CVE-2024-38250 HIGH CVSS 7.8 2024-09-10
CVE-2024-38250 [HIGH] CWE-126 Windows Graphics Component Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Microsoft Graphics Component: Microsoft Graphics Component
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit
CVE-2023-24910 HIGH CVSS 7.8 2023-03-14
CVE-2023-24910 [HIGH] CWE-476 Windows Graphics Component Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Microsoft Graphics Component: Microsoft Graphics Component
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit
CVE-2023-21823 HIGH CVSS 7.3 KEV 2023-02-14
CVE-2023-21823 [HIGH] CWE-190 Windows Graphics Component Remote Code Execution Vulnerability
FAQ: How do I get the update for a Windows App?
The Microsoft Store will automatically update affected customers.
It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this gui
CVE-2017-8676 LOW CVSS 3.3 2017-09-12
CVE-2017-8676 [LOW] Windows GDI+ Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combinat
CVE-2016-7274 MEDIUM CVSS 6.4 PoC 2016-12-13
CVE-2016-7274 [HIGH] Windows Uniscribe Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configure