CVE-2025-47173
Microsoft Office Remote Code Execution Vulnerability
In short
Microsoft Office fails to properly check user-provided files, allowing an attacker to execute malicious code on your computer when you open a specially crafted document. This is dangerous because it gives the attacker complete control of your system.
Technical detail
CWE-641 improper input validation in Microsoft Office enables arbitrary code execution through a local attack vector when processing maliciously crafted files. The vulnerability requires user interaction (opening a document) and results in code execution with the privileges of the affected Office process.
Summary generated and translated by AI from the official description.
Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft 365 Apps for Enterprise
Microsoft · Microsoft Office 2016
Microsoft · Microsoft Office 2019
Microsoft · Microsoft Office LTSC 2021
Microsoft · Microsoft Office LTSC 2024
Microsoft · Microsoft Office LTSC for Mac 2021
Microsoft · Microsoft Office LTSC for Mac 2024