0X140Ce

Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified) Description: A use-after-free vulnerability exists in Microsoft Office, potentially allowing an unauthorized attacker to execute code locally. The vulnerability can be triggered by opening a malicious document. Multiple use-after-free bugs were identified in Microsoft Office and Word. Remote attackers can execute arbitrary code and affect the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified) Description: An out-of-bounds read issue in Microsoft Office allows an unauthorized attacker to execute code locally. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) **Description** The vulnerability allows remote attackers to execute arbitrary code and affect the system. The issue involves accessing a resource using an incompatible type ('type confusion') within Microsoft Office, potentially allowing an unauthorized attacker to execute code locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified) Description: A heap-based buffer overflow issue in Microsoft Office allows an unauthorized attacker to execute code locally. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) **Description** The issue is related to a use after free flaw in Microsoft Office, allowing an unauthorized attacker to execute code locally. This can enable remote attackers to execute arbitrary code and affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) **Description** The issue is a heap-based buffer overflow that allows an unauthorized attacker to execute code locally. This enables remote attackers to execute arbitrary code and affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) **Description** The issue is related to a use after free condition in Microsoft Office, allowing an unauthorized attacker to execute code locally. This can enable remote attackers to execute arbitrary code and affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Excel (affected versions not specified) **Description** The issue is related to a use after free flaw in Microsoft Office Excel, allowing an unauthorized attacker to execute code locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) **Description** The issue involves access of a resource using an incompatible type, also known as 'type confusion', in Microsoft Office. This allows an unauthorized attacker to execute code locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office PowerPoint (affected versions not specified) **Description** The issue is related to a use after free condition in Microsoft Office PowerPoint, allowing an unauthorized attacker to execute code locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Excel (affected versions not specified) **Description** The issue is related to the release of an invalid pointer or reference in Microsoft Office Excel, allowing an unauthorized attacker to execute code locally. This can be exploited by remote attackers to execute arbitrary code and affect the system. The vulnerability is due to faulty memory pointers in Microsoft Excel. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel versions prior to May 2025 updates Description: The issue is related to a type confusion flaw in Microsoft Office Excel, allowing an unauthorized attacker to execute code locally. This enables remote attackers to execute arbitrary code and affect the system. Recommendations: For versions prior to May 2025 updates, update to the latest version that includes the May 2025 updates to secure the environment. At the moment, there is no information about additional mitigation measures for this specific issue.

Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel (affected versions not specified) Description: The issue is related to a use-after-free flaw in Microsoft Office Excel, allowing an unauthorized attacker to execute code locally. This can enable remote attackers to execute arbitrary code and affect the system. The vulnerability can be exploited by opening or previewing malicious Excel files, potentially giving attackers system control. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel (affected versions not specified) Description: The issue allows an unauthorized attacker to execute code locally due to a 'type confusion' vulnerability, where a resource is accessed using an incompatible type. This vulnerability also enables remote attackers to execute arbitrary code and affect the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office versions prior to the May 2025 updates **Description** The issue is related to a use after free vulnerability in Microsoft Office, allowing an unauthorized attacker to execute code locally. This vulnerability can be exploited by remote attackers to execute arbitrary code and affect the system. Previewing an email in Outlook could potentially trigger arbitrary code execution. **Recommendations** To resolve the issue, patch Microsoft Office with the May 2025 updates to stay safe. As a temporary workaround, consider avoiding previewing emails in Outlook until the patch is applied. Restricting access to potentially vulnerable components of Microsoft Office may also help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) **Description** The issue is related to a use after free vulnerability in Microsoft Office, allowing an unauthorized attacker to execute code locally. This vulnerability can be exploited by remote attackers to execute arbitrary code and affect the system. The vulnerability is associated with the use of memory after it has been freed. **Recommendations** For Microsoft Office for Mac, install the available security update to be protected from this vulnerability. For other Microsoft Office software, no action is required as they are not affected by this issue. As a temporary workaround, consider restricting access to vulnerable components until a patch is available. Avoid using vulnerable functions or parameters in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) **Description** The issue is related to a 'type confusion' error in Microsoft Office, allowing an unauthorized attacker to execute code locally. This can enable remote attackers to execute arbitrary code and affect the system. The vulnerability is associated with errors in mixing data types in Microsoft Excel, part of the Microsoft Office and Microsoft 365 Apps for Enterprise packages. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) **Description** The issue allows an unauthorized attacker to execute code locally, potentially enabling them to affect the system. This is due to a use after free vulnerability in Microsoft Office, which can be exploited by remote attackers to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Excel (affected versions not specified) **Description** The issue is related to a heap-based buffer overflow in Microsoft Office Excel, allowing an unauthorized attacker to execute code locally. This can enable remote attackers to execute arbitrary code and affect the system. The vulnerability is associated with a buffer overflow in dynamic memory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) **Description** The issue is related to a use after free vulnerability in Microsoft Office, which allows an unauthorized attacker to execute code locally. This vulnerability can be exploited by remote attackers to execute arbitrary code and affect the system. The vulnerability is associated with the use of memory after it has been freed. **Recommendations** For Microsoft Office for Mac, customers should install the available security update to be protected from this vulnerability. For other Microsoft Office software, no action is required. As a temporary workaround, consider disabling any functionality that may be using the vulnerable memory allocation until a patch is available. At the moment, there is no information about specific versions that contain a fix for this vulnerability, but installing the latest security updates for Microsoft Office for Mac is recommended.