Description
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An untrusted pointer dereference in Microsoft Word lets an unauthorized attacker execute code locally. The record classifies the weakness as a use-after-free (CWE-416): code execution becomes possible when the application processes a malicious document.

Affected Systems

The flaw affects Microsoft 365 Apps for Enterprise, Microsoft Office 365 for Mac, Microsoft Office LTSC for Mac 2021, and Microsoft Office LTSC for Mac 2024. Specific version details are not disclosed in the available CNA data.

Risk and Exploitability

With a CVSS score of 7.8, the flaw is rated high severity. No EPSS score is available, and the vulnerability is not listed in CISA's KEV catalog. The likely attack vector is a user opening a malicious document or macro-enabled file that triggers the unsafe pointer dereference, which matches the CVSS vector's AV:L (local), PR:N (no privileges required) and UI:R (user interaction required) and results in local code execution. Mitigation depends on timely application of the vendor's fix.

Generated by OpenCVE AI on June 9, 2026 at 19:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft Office update that addresses CVE-2026-45486.
  • Disable automatic macro execution and configure Office security settings so that external attachments are opened in isolation.
  • Limit exposure by opening documents only from trusted sources, and consider opening suspicious files in a sandboxed environment.



Advisories

No advisories yet.

History

Tue, 09 Jun 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| Title | | Microsoft Word Remote Code Execution Vulnerability |
| First Time appeared | | Microsoft; Microsoft 365 Apps; Microsoft office 365; Microsoft office Macos 2021; Microsoft office Macos 2024 |
| Weaknesses | | CWE-416 |
| CPEs | | cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*; cpe:2.3:a:microsoft:office_365:*:*:*:*:*:macos:*:*; cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*; cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:* |
| Vendors & Products | | Microsoft; Microsoft 365 Apps; Microsoft office 365; Microsoft office Macos 2021; Microsoft office Macos 2024 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'} |


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T21:49:41.611Z

Reserved: 2026-05-12T16:07:22.617Z

Link: CVE-2026-45486

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:17:23.193

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-45486

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T00:00:10Z

Weaknesses