Msrc Microsoft Office 2019 For 32-Bit Editions vulnerabilities

CVE-2026-26107 [HIGH] CWE-416 Microsoft Excel Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Description: Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred t

CVE-2026-26108 [HIGH] CWE-122 Microsoft Excel Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Description: Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. FAQ: There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software

CVE-2026-26113 [HIGH] CWE-822 Microsoft Office Remote Code Execution Vulnerability Microsoft Office Remote Code Execution Vulnerability Description: Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes

CVE-2026-26112 [HIGH] CWE-822 Microsoft Excel Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Description: Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is somet

CVE-2026-26110 [HIGH] CWE-843 Microsoft Office Remote Code Execution Vulnerability Microsoft Office Remote Code Execution Vulnerability Description: Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. T

CVE-2026-26109 [HIGH] CWE-125 Microsoft Excel Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Description: Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referr

CVE-2026-21260 [HIGH] CWE-200 Microsoft Outlook Spoofing Vulnerability Microsoft Outlook Spoofing Vulnerability Description: Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. FAQ: There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates o

CVE-2026-21259 [HIGH] CWE-122 Microsoft Excel Elevation of Privilege Vulnerability Microsoft Excel Elevation of Privilege Vulnerability Description: Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges. FAQ: Is the Preview Pane an attack vect

CVE-2026-21511 [HIGH] CWE-502 Microsoft Outlook Spoofing Vulnerability Microsoft Outlook Spoofing Vulnerability Description: Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. FAQ: Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector. FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this spoofing vulnerability by using a specially cra

CVE-2026-21258 [MEDIUM] CWE-20 Microsoft Excel Information Disclosure Vulnerability Microsoft Excel Information Disclosure Vulnerability Description: Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. FAQ: What type of information c

CVE-2026-21261 [MEDIUM] CWE-125 Microsoft Excel Information Disclosure Vulnerability Microsoft Excel Information Disclosure Vulnerability Description: Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attac

CVE-2026-20952 [HIGH] CWE-416 Microsoft Office Remote Code Execution Vulnerability Microsoft Office Remote Code Execution Vulnerability Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The wor

CVE-2026-20957 [HIGH] CWE-191 Microsoft Excel Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Description: Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a

CVE-2026-20950 [HIGH] CWE-416 Microsoft Excel Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Description: Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred t

CVE-2026-21509 [HIGH] CWE-807 Microsoft Office Security Feature Bypass Vulnerability Microsoft Office Security Feature Bypass Vulnerability Description: Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. FAQ

CVE-2026-20948 [HIGH] CWE-822 Microsoft Word Remote Code Execution Vulnerability Microsoft Word Remote Code Execution Vulnerability Description: Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometime

CVE-2026-20953 [HIGH] CWE-416 Microsoft Office Remote Code Execution Vulnerability Microsoft Office Remote Code Execution Vulnerability Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as

CVE-2026-20955 [HIGH] CWE-822 Microsoft Excel Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Description: Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote c

CVE-2026-20946 [HIGH] CWE-125 Microsoft Excel Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Description: Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referr

CVE-2025-62553 [HIGH] CWE-416 Microsoft Excel Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Description: Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. FAQ: According to the CVSS metric, the attack vector