Impact
This vulnerability is a use-after-free flaw that can be triggered when Microsoft Word processes a specially crafted document or content. The flaw allows an attacker to execute arbitrary code in the current user's context, which can lead to full system control, data exfiltration or destructive actions. The weakness is classified as CWE-416, meaning that memory is accessed after it has been freed, which leads to memory corruption. Based on the description, the attacker would need the victim to open a malicious Word file, so exploitation depends on local user action.
Affected Systems
Affected Microsoft products include Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021 and 2024, and the Mac editions of Office LTSC 2021 and 2024. The CVE entry does not specify which exact release or build numbers are impacted, so all active versions of those products are considered at risk until an update is applied.
Risk and Exploitability
The CVSS score of 8.4 signifies a high-severity flaw. EPSS information is unavailable, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector requires the victim to open a malicious Word document, meaning that users who handle untrusted files are at risk. Organizations should treat this as a critical exposure that could lead to local privilege escalation and data compromise if exploited.
OpenCVE Enrichment