{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-40367/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.4,"id":"CVE-2026-40367"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Office Word"],"_cs_severities":["high"],"_cs_tags":["cve-2026-40367","office-word","rce","untrusted-pointer-dereference","execution"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-40367 is an untrusted pointer dereference vulnerability affecting Microsoft Office Word. This vulnerability enables an unauthorized attacker to execute arbitrary code locally on a vulnerable system. The vulnerability stems from improper handling of memory pointers within the application, leading to a situation where a maliciously crafted document can trigger the dereference of an untrusted pointer. Successful exploitation allows attackers to gain control over the affected system, potentially leading to data theft, malware installation, or further unauthorized activities. This vulnerability poses a significant risk to organizations and individuals using Microsoft Office Word, as it can be exploited through social engineering tactics, such as distributing malicious documents via email or other communication channels.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious Word document designed to trigger the untrusted pointer dereference vulnerability (CVE-2026-40367).\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the malicious document to a target user via email, shared network drive, or other means.\u003c/li\u003e\n\u003cli\u003eThe target user opens the malicious document in Microsoft Office Word.\u003c/li\u003e\n\u003cli\u003eUpon opening the document, the vulnerable code path is triggered, causing the application to attempt to dereference an untrusted pointer.\u003c/li\u003e\n\u003cli\u003eThe untrusted pointer dereference leads to the execution of arbitrary code within the context of the Word process.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the code execution to install malware, establish persistence, or perform other malicious activities on the compromised system.\u003c/li\u003e\n\u003cli\u003eThe attacker may attempt to escalate privileges or move laterally within the network, depending on the initial access level.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-40367 allows an attacker to execute arbitrary code on a target system with the privileges of the user running Microsoft Office Word. This can lead to complete system compromise, including data theft, malware installation, and denial of service. Given the widespread use of Microsoft Office Word, this vulnerability has the potential to affect a large number of users and organizations. If successful, an attacker could gain a foothold within an organization\u0026rsquo;s network and use it as a launching point for further attacks.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update released by Microsoft to patch CVE-2026-40367 as soon as possible.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to detect potential exploitation attempts targeting CVE-2026-40367.\u003c/li\u003e\n\u003cli\u003eEducate users on the risks of opening documents from untrusted sources to mitigate the risk of social engineering attacks.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for unusual or suspicious processes spawned by Microsoft Word, as indicated in the Sigma rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T18:43:21Z","date_published":"2026-05-12T18:43:21Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-40367-word-rce/","summary":"CVE-2026-40367 is an untrusted pointer dereference vulnerability in Microsoft Office Word that allows an unauthorized attacker to execute code locally with a CVSS v3.1 base score of 8.4.","title":"CVE-2026-40367: Microsoft Office Word Untrusted Pointer Dereference Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-40367-word-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-40367","version":"https://jsonfeed.org/version/1.1"}