CVE-2025-47953
Microsoft Office Remote Code Execution Vulnerability
In short
Microsoft Office has a flaw that lets an attacker run harmful code on your computer by exploiting how the program manages memory. This happens when Office tries to use data that has already been deleted, creating an opening for malicious actions.
Technical detail
A use-after-free vulnerability in Microsoft Office memory management allows local code execution when an attacker provides specially crafted input that causes the application to access freed memory regions. The vulnerability requires user interaction to open a malicious document and results in arbitrary code execution with the privileges of the Office process.
Summary generated and translated by AI from the official description.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft 365 Apps for Enterprise
Microsoft · Microsoft Office 2016
Microsoft · Microsoft Office 2019
Microsoft · Microsoft Office for Android
Microsoft · Microsoft Office LTSC 2021
Microsoft · Microsoft Office LTSC 2024
Microsoft · Microsoft Office LTSC for Mac 2021
Microsoft · Microsoft Office LTSC for Mac 2024