Tag
Multiple Vulnerabilities in Microsoft Office Products (June 2026)
3 rules 4 TTPs 5 CVEsCERT-FR has disclosed 31 vulnerabilities in various Microsoft Office products, including CVE-2026-44803 and CVE-2026-47635, which could allow remote code execution, privilege escalation, and data confidentiality compromise.
CVE-2026-42832 - Microsoft Office Improper Access Control Vulnerability Leading to Spoofing
2 rules 2 TTPs 1 CVECVE-2026-42832 is an improper access control vulnerability in Microsoft Office that allows an unauthorized attacker to perform local spoofing.
CVE-2026-42831 Heap-based Buffer Overflow in Microsoft Office
1 rule 1 TTP 1 CVECVE-2026-42831 is a heap-based buffer overflow vulnerability in Microsoft Office, allowing a local attacker to execute arbitrary code with a CVSS score of 7.8.
CVE-2026-40419: Microsoft Office Use-After-Free Vulnerability for Local Privilege Escalation
2 rules 1 TTP 1 CVECVE-2026-40419 is a use-after-free vulnerability in Microsoft Office that allows an authenticated, local attacker to elevate privileges.
CVE-2026-40363: Microsoft Office Heap-based Buffer Overflow
2 rules 1 TTP 1 CVEA heap-based buffer overflow vulnerability in Microsoft Office allows an unauthenticated, local attacker to execute arbitrary code.
CVE-2026-40358 Use-After-Free Vulnerability in Microsoft Office
2 rules 2 TTPs 1 CVECVE-2026-40358 describes a use-after-free vulnerability in Microsoft Office that could allow an unauthorized local attacker to execute code with elevated privileges.
Microsoft Office Word Use-After-Free Vulnerability (CVE-2026-33095)
2 rules 1 TTP 1 CVEA use-after-free vulnerability in Microsoft Office Word (CVE-2026-33095) could allow a local attacker to execute arbitrary code by opening a specially crafted document.