MSRC Microsoft Office 2016 vulnerabilities

218 known vulnerabilities affecting msrc/microsoft_office_2016.

Total CVEs: 218
CISA KEV: 13 (actively exploited)
Public exploits: 8
Exploited in wild: 13
Severity breakdown: CRITICAL 3, HIGH 189, MEDIUM 24, LOW 2

Vulnerabilities

Page 1 of 11
CVE-2026-26113 | HIGH | CVSS 8.4 | 2026-03-10
CVE-2026-26113 [HIGH] CWE-822 Microsoft Office Remote Code Execution Vulnerability Description: Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes
msrc
CVE-2026-26110 | HIGH | CVSS 8.4 | 2026-03-10
CVE-2026-26110 [HIGH] CWE-843 Microsoft Office Remote Code Execution Vulnerability Description: Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. T
msrc
CVE-2026-20943 | HIGH | CVSS 7.0 | 2026-01-13
CVE-2026-20943 [HIGH] CWE-426 Microsoft Office Click-To-Run Remote Code Execution Vulnerability Description: Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to prepare the target environment to imp
msrc
CVE-2026-20952 | HIGH | CVSS 8.4 | 2026-01-13
CVE-2026-20952 [HIGH] CWE-416 Microsoft Office Remote Code Execution Vulnerability Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The wor
msrc
CVE-2026-21509 | HIGH | CVSS 7.8 | KEV | 2026-01-13
CVE-2026-21509 [HIGH] CWE-807 Microsoft Office Security Feature Bypass Vulnerability Description: Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. FAQ
msrc
CVE-2026-20953 | HIGH | CVSS 8.4 | 2026-01-13
CVE-2026-20953 [HIGH] CWE-416 Microsoft Office Remote Code Execution Vulnerability Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as
msrc
CVE-2025-62554 | HIGH | CVSS 8.4 | 2025-12-09
CVE-2025-62554 [HIGH] CWE-843 Microsoft Office Remote Code Execution Vulnerability Description: Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector. FAQ: How could an attacker exploit this vulnerability? Exploitation of this vulnerability requires t
msrc
CVE-2025-62557 | HIGH | CVSS 8.4 | 2025-12-09
CVE-2025-62557 [HIGH] CWE-416 Microsoft Office Remote Code Execution Vulnerability Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: How could an attacker exploit this vulnerability? Exploitation of this vulnerability requires that an attacker send a malicious link to the victim via email, or that they convince the user to click the link, typically by way of an enticement in an emai
msrc
CVE-2025-62199 | HIGH | CVSS 7.8 | 2025-11-11
CVE-2025-62199 [HIGH] CWE-416 Microsoft Office Remote Code Execution Vulnerability Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as
msrc
CVE-2025-59234 | HIGH | CVSS 7.8 | 2025-10-14
CVE-2025-59234 [HIGH] CWE-416 Microsoft Office Remote Code Execution Vulnerability Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as
msrc
CVE-2025-59227 | HIGH | CVSS 7.8 | 2025-10-14
CVE-2025-59227 [HIGH] CWE-416 Microsoft Office Remote Code Execution Vulnerability Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as
msrc
CVE-2025-54910 | HIGH | CVSS 8.4 | 2025-09-09
CVE-2025-54910 [HIGH] CWE-122 Microsoft Office Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: Are the updates for the Microsoft Office LTSC for Mac currently available? The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they ar
msrc
CVE-2025-54906 | HIGH | CVSS 7.8 | 2025-09-09
CVE-2025-54906 [HIGH] CWE-416 Microsoft Office Remote Code Execution Vulnerability Description: Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometime
msrc
CVE-2025-53731 | HIGH | CVSS 8.4 | 2025-08-12
CVE-2025-53731 [HIGH] CWE-416 Microsoft Office Remote Code Execution Vulnerability Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The wor
msrc
CVE-2025-53740 | HIGH | CVSS 8.4 | 2025-08-12
CVE-2025-53740 [HIGH] CWE-416 Microsoft Office Remote Code Execution Vulnerability Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as
msrc
CVE-2025-47994 | HIGH | CVSS 7.8 | 2025-07-08
CVE-2025-47994 [HIGH] CWE-502 Microsoft Office Elevation of Privilege Vulnerability Description: Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker can successfully exploit this vulnerability by escaping the Protected View sandbox and running code at Standard User pr
msrc
CVE-2025-49695 | HIGH | CVSS 8.4 | 2025-07-08
CVE-2025-49695 [HIGH] CWE-416 Microsoft Office Remote Code Execution Vulnerability Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: How could an attacker exploit the vulnerability? An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction. FAQ: Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently avai
msrc
CVE-2025-49702 | HIGH | CVSS 7.8 | 2025-07-08
CVE-2025-49702 [HIGH] CWE-843 Microsoft Office Remote Code Execution Vulnerability Description: Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available? Yes. As of July 15, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers r
msrc
CVE-2025-49696 | HIGH | CVSS 8.4 | 2025-07-08
CVE-2025-49696 [HIGH] CWE-125 Microsoft Office Remote Code Execution Vulnerability Description: Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred t
msrc
CVE-2025-49697 | HIGH | CVSS 8.4 | 2025-07-08
CVE-2025-49697 [HIGH] CWE-122 Microsoft Office Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector. FAQ: Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available? Yes. As of July 15, 2025, the security update
msrc