SB2026071713 - Multiple vulnerabilities in Microsoft Office



SB2026071713 - Multiple vulnerabilities in Microsoft Office

Published: July 17, 2026

Security Bulletin ID SB2026071713
CSH Severity
High
Patch available
YES
Number of vulnerabilities 77
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 66% Medium 12% Low 22%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 77 vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2026-55058)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to out-of-bounds read in Microsoft Office Excel when parsing a specially crafted Office file. A remote attacker can send a specially crafted file to a user and convince them to open it to execute arbitrary code.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector.


2) Heap-based buffer overflow (CVE-ID: CVE-2026-55056)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office when parsing a crafted Office file. A remote attacker can send a specially crafted file to a victim to execute arbitrary code.

User interaction is required to open or preview the crafted file, and the Preview Pane can be used as an attack vector.


3) Stack-based buffer overflow (CVE-ID: CVE-2026-55134)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to stack-based buffer overflow in Microsoft Office Word when parsing a crafted Office file. A remote attacker can send a specially crafted file and trick the victim into opening it to execute arbitrary code.

The Preview Pane is not an attack vector.


4) Heap-based buffer overflow (CVE-ID: CVE-2026-55131)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file to a user and convince them to open it to execute arbitrary code.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector.


5) Integer overflow (CVE-ID: CVE-2026-55057)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to integer overflow or wraparound in Microsoft Office for macOS when parsing a crafted Office file. A remote attacker can send a specially crafted Office file to disclose sensitive information.

User interaction is required to open or preview the crafted file, and the Preview Pane is an attack vector. Successful exploitation could allow reading small portions of heap memory.


6) Out-of-bounds read (CVE-ID: CVE-2026-55122)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file to a user and convince them to open it to disclose sensitive information.

The disclosed information may include small portions of heap memory. The Preview Pane is not an attack vector.


7) Heap-based buffer overflow (CVE-ID: CVE-2026-55053)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Excel when parsing a crafted Office file. A remote attacker can send a specially crafted Office file to the victim and convince them to open it to execute arbitrary code.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector.


8) Heap-based buffer overflow (CVE-ID: CVE-2026-55137)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file to the victim to execute arbitrary code.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector.


9) Double free (CVE-ID: CVE-2026-55132)

CWE-ID: CWE-415 - Double Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to double free in Microsoft Office Word when processing a crafted Office file. A remote attacker can send a specially crafted file to a user to execute arbitrary code.

The Preview Pane is an attack vector, and user interaction is required to open or preview the crafted file.


10) Stack-based buffer overflow (CVE-ID: CVE-2026-55038)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to stack-based buffer overflow in Microsoft Word when parsing a crafted Office file. A remote attacker can send a specially crafted Office file to execute arbitrary code.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector.


11) Numeric Truncation Error (CVE-ID: CVE-2026-55142)

CWE-ID: CWE-197 - Numeric Truncation Error

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to numeric truncation error in Microsoft Office Word when parsing a crafted Office file. A remote attacker can send a specially crafted file and convince the victim to open it to disclose sensitive information.

The disclosed information may include portions of heap memory. The Preview Pane is not an attack vector.


12) Heap-based buffer overflow (CVE-ID: CVE-2026-55037)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file and convince the victim to open it to execute arbitrary code.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector.


13) Out-of-bounds read (CVE-ID: CVE-2026-55054)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a malicious Office file and convince the user to open it to disclose sensitive information.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector.


14) Stack-based buffer overflow (CVE-ID: CVE-2026-55055)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to stack-based buffer overflow in Microsoft Word when parsing a crafted Office file. A remote attacker can trick the victim into opening a crafted file to execute arbitrary code.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector.


15) Out-of-bounds read (CVE-ID: CVE-2026-55044)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to out-of-bounds read in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file to a user and convince them to open it to execute arbitrary code.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector.


16) Buffer over-read (CVE-ID: CVE-2026-55036)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to buffer over-read in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can trick the victim into opening a specially crafted file to execute arbitrary code.

User interaction is required to open a crafted file. The Preview Pane is not an attack vector.


17) Out-of-bounds read (CVE-ID: CVE-2026-55035)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Microsoft Office when parsing a crafted Office file. A remote attacker can send a specially crafted file and convince the user to open it to disclose sensitive information.

The disclosed information is limited to small portions of heap memory. The Preview Pane is not an attack vector.


18) Heap-based buffer overflow (CVE-ID: CVE-2026-55129)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office for macOS when parsing a crafted Office file. A remote attacker can send a specially crafted file to a user and convince them to open or preview it to execute arbitrary code.

User interaction is required, and the Preview Pane can be used as an attack vector.


19) Stack-based buffer overflow (CVE-ID: CVE-2026-55141)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to stack-based buffer overflow in Microsoft Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file to a user and convince them to open it to execute arbitrary code.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector.


20) Untrusted Pointer Dereference (CVE-ID: CVE-2026-55136)

CWE-ID: CWE-822 - Untrusted Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to untrusted pointer dereference in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file to a victim and convince them to open it to execute arbitrary code.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector.


21) Heap-based buffer overflow (CVE-ID: CVE-2026-55120)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft PowerPoint when parsing a crafted Office file. A remote attacker can send a specially crafted Office file to execute arbitrary code.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector.


22) Out-of-bounds read (CVE-ID: CVE-2026-55121)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Microsoft Office when parsing a crafted Office file. A remote attacker can trick the victim into opening a crafted file to disclose sensitive information.

User interaction is required to open a crafted Office file, and the Preview Pane is not an attack vector.


23) Out-of-bounds read (CVE-ID: CVE-2026-56195)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Microsoft Office for macOS when parsing a crafted Office file. A remote attacker can send a specially crafted file to the victim to disclose sensitive information.

User interaction is required to open or preview the crafted file, and the Preview Pane is an attack vector.


24) Out-of-bounds read (CVE-ID: CVE-2026-56192)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Microsoft Office when parsing a specially crafted file. A remote attacker can trick the victim into opening a crafted file to disclose sensitive information.

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. The Preview Pane is not an attack vector.


25) Out-of-bounds read (CVE-ID: CVE-2026-50665)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Microsoft Office for macOS when parsing a crafted Office file. A remote attacker can send a specially crafted file to a user and convince them to open it to disclose sensitive information.

User interaction is required to open a crafted Office file, and the Preview Pane is not an attack vector.


26) Heap-based buffer overflow (CVE-ID: CVE-2026-56156)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file to a user and convince them to open it to execute arbitrary code.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector.


27) Use of uninitialized resource (CVE-ID: CVE-2026-55949)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use of uninitialized resource in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file and convince the victim to open it to execute arbitrary code.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector.


28) Heap-based buffer overflow (CVE-ID: CVE-2026-55947)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file to a victim and convince them to open it to execute arbitrary code.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector.


29) Out-of-bounds read (CVE-ID: CVE-2026-55898)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Microsoft Office Excel when parsing a specially crafted Office file. A remote attacker can send a specially crafted file to a user and convince them to open it to disclose sensitive information.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector. Successful exploitation could allow reading small portions of heap memory.


30) Use-after-free (CVE-ID: CVE-2026-54131)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file and convince the victim to open it to execute arbitrary code.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector.


31) Heap-based buffer overflow (CVE-ID: CVE-2026-55127)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Word when parsing a crafted Office file. A remote attacker can send a specially crafted Office file to execute arbitrary code.

User interaction is required to open or preview the crafted file, and the Preview Pane is an attack vector.


32) Heap-based buffer overflow (CVE-ID: CVE-2026-55123)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office PowerPoint when parsing a crafted Office file. A remote attacker can send a specially crafted file to execute arbitrary code.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector.


33) Heap-based buffer overflow (CVE-ID: CVE-2026-55133)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office OneNote when parsing a crafted Office file. A remote attacker can send a specially crafted file to a user and convince them to open it to execute arbitrary code.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector.


34) Heap-based buffer overflow (CVE-ID: CVE-2026-55043)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office PowerPoint when parsing a crafted Office file. A remote attacker can send a specially crafted Office file to execute arbitrary code.

User interaction is required to open the crafted file.


35) Out-of-bounds read (CVE-ID: CVE-2026-55139)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Microsoft Office for macOS when parsing a crafted Office file. A remote attacker can send a specially crafted file to the victim and convince them to open it to disclose sensitive information.

User interaction is required to open a crafted Office file, and the Preview Pane is not an attack vector.


36) Use of uninitialized resource (CVE-ID: CVE-2026-55042)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to use of an uninitialized resource in Microsoft Office when parsing a crafted Office file. A remote attacker can send a malicious Office file and convince the user to open it to disclose sensitive information.

The Preview Pane is an attack vector, and successful exploitation could allow reading small portions of heap memory.


37) Heap-based buffer overflow (CVE-ID: CVE-2026-55130)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office Word when parsing a specially crafted document. A remote attacker can trick the victim into opening a specially crafted file to execute arbitrary code.

User interaction is required to open a crafted file.


38) Use-after-free (CVE-ID: CVE-2026-55128)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Microsoft Word when parsing a crafted Office file. A remote attacker can send a specially crafted file and convince the victim to open it to execute arbitrary code.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector.


39) Heap-based buffer overflow (CVE-ID: CVE-2026-55140)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office when parsing a crafted Office file. A remote attacker can send a specially crafted Office file to a user and convince them to open it to execute arbitrary code.

The Preview Pane is also an attack vector, and user interaction is required.


40) Untrusted Pointer Dereference (CVE-ID: CVE-2026-48580)

CWE-ID: CWE-822 - Untrusted Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to untrusted pointer dereference in Microsoft Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file to the victim to disclose sensitive information.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector. Successful exploitation could disclose small portions of heap memory.


41) Type Confusion (CVE-ID: CVE-2026-55022)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to access of resource using incompatible type ('type confusion') in Microsoft Office when parsing a crafted Office file. A remote attacker can send a specially crafted Office file and convince the victim to open it to execute arbitrary code.

The Preview Pane can be used as an attack vector, and user interaction is required.


42) Out-of-bounds read (CVE-ID: CVE-2026-55046)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted Office file to a user and convince them to open it to disclose sensitive information.

The disclosed information is limited to local memory addresses. User interaction is required, and the Preview Pane is not an attack vector.


43) Use-after-free (CVE-ID: CVE-2026-55018)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Microsoft Office when parsing a crafted Office file. A remote attacker can send a specially crafted file to a user and convince them to open it to execute arbitrary code.

User interaction is required, and the Preview Pane is an attack vector.


44) Out-of-bounds read (CVE-ID: CVE-2026-50408)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Microsoft Excel when parsing a crafted Office file. A remote attacker can trick the victim into opening a crafted file to disclose sensitive information.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector. Successful exploitation could disclose small portions of heap memory.


45) Type Confusion (CVE-ID: CVE-2026-55024)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to access of resource using incompatible type in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file to a user and convince them to open it to execute arbitrary code.

The vulnerability may also allow disclosure of small portions of heap memory. User interaction is required to open the crafted file, and the Preview Pane is not an attack vector.


46) Heap-based buffer overflow (CVE-ID: CVE-2026-55017)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office when parsing a crafted Office file. A remote attacker can send a specially crafted file to the victim and convince them to open it to execute arbitrary code.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector.


47) Use-after-free (CVE-ID: CVE-2026-50467)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Microsoft Office for macOS when parsing a crafted Office file. A remote attacker can send a specially crafted file to the victim to execute arbitrary code.

User interaction is required to open or preview the crafted file, and the Preview Pane is an attack vector.


48) Use-after-free (CVE-ID: CVE-2026-50314)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Microsoft Office when parsing a crafted Office file. A remote attacker can send a specially crafted file to a victim and convince them to open it to execute arbitrary code.

The Preview Pane is also an attack vector, and user interaction is required.


49) Heap-based buffer overflow (CVE-ID: CVE-2026-50301)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office when parsing a crafted Office file. A remote attacker can send a specially crafted file to the victim to execute arbitrary code.

User interaction is required to open or preview the crafted file, and the Preview Pane can serve as an attack vector.


50) Out-of-bounds read (CVE-ID: CVE-2026-55023)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Microsoft Office when parsing a specially crafted Office file. A remote attacker can send a specially crafted file to disclose sensitive information.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector. The disclosed information is limited to local memory addresses.


51) Use-after-free (CVE-ID: CVE-2026-47642)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted Office file to a user and convince them to open it to execute arbitrary code.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector.


52) Use-after-free (CVE-ID: CVE-2026-47290)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Microsoft Office when parsing a crafted Office file. A remote attacker can send a specially crafted Office file to a user and convince them to open it to execute arbitrary code.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector.


53) Heap-based buffer overflow (CVE-ID: CVE-2026-58618)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file to a victim and convince them to open it to execute arbitrary code.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector.


54) Out-of-bounds read (CVE-ID: CVE-2026-56193)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Microsoft Office for macOS when parsing a crafted Office file. A remote attacker can send a specially crafted Office file to disclose sensitive information.

User interaction is required to open or preview the crafted file, and the Preview Pane can be used as an attack vector. The disclosed information is limited to memory-related information, specifically a heap address returned by the affected service.


55) Use-after-free (CVE-ID: CVE-2026-55948)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file to a user and convince them to open it to execute arbitrary code.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector.


56) Stack-based buffer overflow (CVE-ID: CVE-2026-55899)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to stack-based buffer overflow in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted Office file to execute arbitrary code.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector.


57) Out-of-bounds read (CVE-ID: CVE-2026-54988)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file to a user and convince them to open it to disclose sensitive information.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector.


58) Heap-based buffer overflow (CVE-ID: CVE-2026-50678)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office Excel when parsing a specially crafted file. A remote attacker can trick the victim into opening a crafted file to disclose sensitive information.

The Preview Pane is not an attack vector. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.


59) Out-of-bounds read (CVE-ID: CVE-2026-55047)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Microsoft Office when parsing a crafted Office file. A remote attacker can send a specially crafted file to a user and convince them to open it to disclose sensitive information.

The disclosed data is limited to small portions of heap memory. The Preview Pane is not an attack vector.


60) Improper Validation of Specified Type of Input (CVE-ID: CVE-2026-55124)

CWE-ID: CWE-1287 - Improper Validation of Specified Type of Input

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper validation of specified type of input in Microsoft Word when parsing a crafted Office file. A remote attacker can send a specially crafted file to a user and convince them to open it to disclose sensitive information.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector.


61) Untrusted Pointer Dereference (CVE-ID: CVE-2026-55138)

CWE-ID: CWE-822 - Untrusted Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to untrusted pointer dereference in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file and convince the victim to open it to disclose sensitive information.

The disclosed data is limited to small portions of heap memory. The Preview Pane is not an attack vector.


62) Heap-based buffer overflow (CVE-ID: CVE-2026-55041)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted Office file to execute arbitrary code.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector.


63) Integer overflow (CVE-ID: CVE-2026-55033)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to integer overflow or wraparound in Microsoft Word when parsing a crafted Office file. A remote attacker can send a specially crafted file to a user and convince them to open it to execute arbitrary code.

The Preview Pane is also an attack vector, and user interaction is required.


64) Use-after-free (CVE-ID: CVE-2026-55032)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in Microsoft Word when parsing a crafted Office file. A remote attacker can trick the victim into opening a crafted file to execute arbitrary code.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector.


65) Heap-based buffer overflow (CVE-ID: CVE-2026-55049)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office for macOS when parsing a crafted Office file. A remote attacker can send a specially crafted file to the victim to execute arbitrary code.

User interaction is required to open the crafted file, and the Preview Pane is also an attack vector.


66) Out-of-bounds read (CVE-ID: CVE-2026-55050)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Microsoft Word when parsing a crafted Office file. A remote attacker can trick the victim into opening a crafted file to disclose sensitive information.

User interaction is required to open a crafted Office file, and the Preview Pane is not an attack vector. Successful exploitation could allow reading small portions of heap memory.


67) Out-of-bounds read (CVE-ID: CVE-2026-55045)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to out-of-bounds read in Microsoft Office for macOS when processing crafted content locally. A remote attacker can cause the application to process a specially crafted file or preview crafted content to execute arbitrary code.

The Preview Pane is an attack vector.


68) Integer underflow (CVE-ID: CVE-2026-55039)

CWE-ID: CWE-191 - Integer underflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to integer underflow in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file to a victim and convince them to open it to execute arbitrary code.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector.


69) Heap-based buffer overflow (CVE-ID: CVE-2026-50675)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file to a user and convince them to open it to execute arbitrary code.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector.


70) Out-of-bounds read (CVE-ID: CVE-2026-55028)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Microsoft Office when parsing a crafted Office file. A remote attacker can send a malicious Office file and convince the user to open it to disclose sensitive information.

The disclosed data is limited to small portions of heap memory. The Preview Pane is not an attack vector.


71) Heap-based buffer overflow (CVE-ID: CVE-2026-55029)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file to a user and convince them to open it to execute arbitrary code.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector.


72) Out-of-bounds read (CVE-ID: CVE-2026-55027)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Microsoft Office when parsing a crafted Office file. A remote attacker can trick the victim into opening a crafted file to disclose sensitive information.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector.


73) Integer overflow (CVE-ID: CVE-2026-55048)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to integer overflow or wraparound in Microsoft Office Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file and convince the victim to open it to execute arbitrary code.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector.


74) Integer overflow (CVE-ID: CVE-2026-55026)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to integer overflow or wraparound in Microsoft Office for macOS when parsing a crafted file. A remote attacker can trick the victim into opening a specially crafted file to disclose sensitive information.

The disclosed information is limited to small portions of heap memory. The Preview Pane is not an attack vector.


75) Out-of-bounds read (CVE-ID: CVE-2026-55031)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to out-of-bounds read in Microsoft Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file to a victim to execute arbitrary code.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector.


76) Heap-based buffer overflow (CVE-ID: CVE-2026-55125)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in Microsoft Office for macOS when parsing a crafted Office file. A remote attacker can trick the victim into opening a specially crafted file to execute arbitrary code.

User interaction is required to open the crafted file, and the Preview Pane is not an attack vector.


77) Type Confusion (CVE-ID: CVE-2026-55025)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to access of resource using incompatible type ('type confusion') in Microsoft Excel when parsing a crafted Office file. A remote attacker can send a specially crafted file to a victim and convince them to open it to execute arbitrary code.

User interaction is required to open a crafted file, and the Preview Pane is not an attack vector.


Remediation

Install update from vendor's website.

References