Use After Free Vulnerability in Microsoft Word
CVE-2025-24077
7.8HIGH
Key Information:
- Vendor
- Microsoft
- Status
- Vendor
- CVE Published:
- 11 March 2025
Summary
A use after free vulnerability in Microsoft Word may allow an unauthorized attacker to execute arbitrary code locally on a targeted system. This exploit can leverage specific conditions in the software to gain control, posing significant risks to user data and system integrity. Users are encouraged to stay informed about updates and patches to safeguard against this vulnerability.
Affected Version(s)
Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1
Microsoft Office LTSC 2024 32-bit Systems 1.0.0
Microsoft Office LTSC for Mac 2021 Unknown 16.0.1 < 16.95.25030928
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved