Msrc Microsoft Office 2016 vulnerabilities
218 known vulnerabilities affecting msrc/microsoft_office_2016.
Total CVEs: 218
CISA KEV: 13 (actively exploited)
Public exploits: 8
Exploited in wild: 13
Severity breakdown: CRITICAL 3, HIGH 189, MEDIUM 24, LOW 2
Vulnerabilities
Page 3 of 11
CVE-2025-24057 | HIGH | CVSS 7.8 | 2025-03-11
CVE-2025-24057 [HIGH] CWE-122 Microsoft Office Remote Code Execution Vulnerability
Description: Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes re
msrc
CVE-2025-24080 | HIGH | CVSS 7.8 | 2025-03-11
CVE-2025-24080 [HIGH] CWE-416 Microsoft Office Remote Code Execution Vulnerability
Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as
msrc
CVE-2025-21392 | HIGH | CVSS 7.8 | 2025-02-11
CVE-2025-21392 [HIGH] CWE-416 Microsoft Office Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.
For example, when the score ind
msrc
CVE-2025-21346 | HIGH | CVSS 7.1 | 2025-01-14
CVE-2025-21346 [HIGH] CWE-693 Microsoft Office Security Feature Bypass Vulnerability
FAQ: There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?
Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.
FAQ: What kind of securit
msrc
CVE-2024-49059 | HIGH | CVSS 7.0 | 2024-12-10
CVE-2024-49059 [HIGH] CWE-59 Microsoft Office Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
FAQ: Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
FAQ: According to the CVSS metric, the attack complexity is h
msrc
CVE-2024-43600 | HIGH | CVSS 7.8 | 2024-12-10
CVE-2024-43600 [HIGH] CWE-284 Microsoft Office Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
FAQ: Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
FAQ: There are multiple update packages available for some o
msrc
CVE-2024-49031 | HIGH | CVSS 7.8 | 2024-11-12
CVE-2024-49031 [HIGH] CWE-126 Microsoft Office Graphics Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.
For example,
msrc
CVE-2024-49032 | HIGH | CVSS 7.8 | 2024-11-12
CVE-2024-49032 [HIGH] CWE-416 Microsoft Office Graphics Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.
For example,
msrc
CVE-2024-43609 | MEDIUM | CVSS 6.5 | 2024-10-08
CVE-2024-43609 [MEDIUM] CWE-200 Microsoft Office Spoofing Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
In a web-based attack scenario, an attacker could host a website or server that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have
msrc
CVE-2024-38200 | MEDIUM | CVSS 6.5 | PoC | 2024-08-13
CVE-2024-38200 [MEDIUM] CWE-200 Microsoft Office Spoofing Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way t
msrc
CVE-2024-38021 | HIGH | CVSS 8.8 | 2024-07-09
CVE-2024-38021 [HIGH] CWE-20 Microsoft Outlook Remote Code Execution Vulnerability
FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?
An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.
FAQ:
msrc
CVE-2024-38020 | MEDIUM | CVSS 6.5 | 2024-07-09
CVE-2024-38020 [MEDIUM] CWE-200 Microsoft Outlook Spoofing Vulnerability
FAQ: Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires that a user open a specially crafted file.
In an email attack scenario, an attacker could exploit the vulnerabil
msrc
CVE-2024-30101 | HIGH | CVSS 7.5 | 2024-06-11
CVE-2024-30101 [HIGH] CWE-416 Microsoft Office Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Successful exploitation of this vulnerability requires a user to open a malicious email with an affected version of Microsoft Outlook and then perform specific actions to trigger the vulnerability.
FAQ: According to the CVSS metric, the attack co
msrc
CVE-2024-30104 | HIGH | CVSS 7.8 | 2024-06-11
CVE-2024-30104 [HIGH] CWE-59 Microsoft Office Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim
msrc
CVE-2024-21413 | CRITICAL | CVSS 9.8 | KEV | 2024-02-13
CVE-2024-21413 [CRITICAL] CWE-20 Microsoft Outlook Remote Code Execution Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.
FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to ma
msrc
CVE-2024-20673 | HIGH | CVSS 7.8 | 2024-02-13
CVE-2024-20673 [HIGH] CWE-693 Microsoft Office Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.
For example, when the score ind
msrc
CVE-2023-36009 | MEDIUM | CVSS 5.5 | 2023-12-12
CVE-2023-36009 [MEDIUM] Microsoft Word Information Disclosure Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
A user needs to be tricked into running malicious files.
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file
msrc
CVE-2023-35636 | MEDIUM | CVSS 6.5 | 2023-12-12
CVE-2023-35636 [MEDIUM] CWE-200 Microsoft Outlook Information Disclosure Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires that a user open a specially crafted file.
In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open
msrc
CVE-2023-36413 | MEDIUM | CVSS 6.5 | 2023-11-14
CVE-2023-36413 [MEDIUM] Microsoft Office Security Feature Bypass Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
An attacker must send the user a malicious file and convince them to open it.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
Successful exploitation of this vulnerability would allow an attacker
msrc
CVE-2023-41764 | MEDIUM | CVSS 5.5 | 2023-09-12
CVE-2023-41764 [MEDIUM] CWE-347 Microsoft Office Spoofing Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires that a user open a specially crafted file.
In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
In a web-based atta
msrc