Heap-based Buffer Overflow in Microsoft Office OneNote
CVE-2026-55133

7.8HIGH

What is CVE-2026-55133?

A heap-based buffer overflow vulnerability in Microsoft Office OneNote could enable malicious actors to execute arbitrary code on affected systems. This flaw allows an unauthorized attacker to exploit the vulnerability by crafting and delivering a specially designed file, leading to local code execution. Users are encouraged to apply available patches to mitigate the risk associated with this serious security concern.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 365 for Mac 1.0.0 < 16.111.26071215

Microsoft Office LTSC for Mac 2021 16.0.1 < 16.111.26071215

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.