Remote Code Execution Vulnerability in Microsoft Office Products
CVE-2025-26629

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc 2024
Vendor: CVE Published:; 11 March 2025

Summary

A use-after-free vulnerability has been identified in Microsoft Office, which may allow unauthorized attackers to execute arbitrary code on affected systems. This flaw arises from improper handling of memory in the application, potentially leading to security breaches. Users are encouraged to apply the latest updates provided by Microsoft to mitigate the risks associated with this vulnerability.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office LTSC 2024 32-bit Systems 1.0.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Feb 12, 2025