Description
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Published: 2026-06-09
Score: 3.3 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap-based buffer overflow in Microsoft Office Word allows an attacker with local access to the machine to read memory that should not be exposed. The vulnerability does not provide remote code execution or privilege escalation; it only lets the local attacker disclose internal data. The weakness is classified as a heap-based buffer overflow, CWE-122.

Affected Systems

The flaw affects all recent Microsoft Office Word releases, including Microsoft 365 Apps for Enterprise, Office 365 for Mac, Office LTSC 2021, Office LTSC 2024, Office LTSC for Mac 2021, and Office LTSC for Mac 2024. Users running any of these editions should verify whether their installation is still vulnerable.

Risk and Exploitability

The assigned CVSS score of 3.3 indicates low severity and the lack of an EPSS rating or KEV listing reflects a relatively low threat surface. Attackers would need local access or credentials to exploit the buffer overflow, and the exploit is likely to be limited to the local user context. No public exploits or advanced techniques have been reported. The risk remains primarily tied to the accidental or malicious local execution of crafted content.

Generated by OpenCVE AI on June 9, 2026 at 19:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft Office security update that patches the heap‑overflow bug.
  • Enable automatic updates for Microsoft Office so that future mitigations are delivered without user intervention.
  • Review and remove any custom templates or uncontrolled content that could trigger the vulnerable code path if a patch is not immediately available.


Advisories

No advisories yet.

History

Tue, 09 Jun 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally. |
| Title | | Microsoft Word Information Disclosure Vulnerability |
| First Time appeared | | Microsoft; Microsoft 365 Apps; Microsoft office 2021; Microsoft office 2024; Microsoft office 365; Microsoft office Macos 2021; Microsoft office Macos 2024 |
| Weaknesses | | CWE-122 |
| CPEs | | cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*; cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*; cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*; cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*; cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*; cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:* |
| Vendors & Products | | Microsoft; Microsoft 365 Apps; Microsoft office 2021; Microsoft office 2024; Microsoft office 365; Microsoft office Macos 2021; Microsoft office Macos 2024 |
| References | | |
| Metrics | | cvssV3_1: {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C'} |


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T21:49:55.280Z

Reserved: 2026-05-12T16:06:43.098Z

Link: CVE-2026-45466

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:17:21.077

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-45466

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T19:15:12Z

Weaknesses