Li Shuang

**Name of the Vulnerable Software and Affected Versions** Microsoft 365 Apps for Enterprise versions 16.0.1 through 16.0.1 **Description** A use-after-free issue in Microsoft Office allows an unauthorized attacker to execute arbitrary code locally or remotely. This occurs when a user is tricked into opening a malicious document, which triggers memory corruption during processing. **Recommendations** Update Microsoft 365 Apps for Enterprise to a version newer than 16.0.1.

Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified) Description: A heap-based buffer overflow exists in Microsoft Office, potentially allowing an unauthorized attacker to execute code locally. The vulnerability may allow remote attackers to execute arbitrary code and affect the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Office Visio (affected versions not specified) Description: A heap-based buffer overflow exists in Microsoft Office Visio that could allow an unauthorized attacker to execute code locally. The issue requires user interaction and involves crafted files. Recommendations: Apply the September 2025 Patch Tuesday update.

**Name of the Vulnerable Software and Affected Versions:** Microsoft Office (affected versions not specified) **Description:** A use-after-free issue exists in Microsoft Office, potentially allowing an unauthorized attacker to execute code locally. The vulnerability may allow remote attackers to execute arbitrary code and affect the system. Several use-after-free bugs were identified within Microsoft Office and Word, where malicious code execution is possible upon opening a compromised document. It is reported that some of these vulnerabilities are being exploited in real-world attacks. **Recommendations:** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified) Description: The issue is related to a use after free condition in Microsoft Office, which enables an unauthorized attacker to execute code locally. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office PowerPoint (affected versions not specified) Microsoft 365 Apps for Enterprise (affected versions not specified) Microsoft Office (affected versions not specified) Microsoft Office Long Term Servicing Channel (affected versions not specified) **Description** A heap-based buffer overflow exists in Microsoft Office PowerPoint. This issue allows an unauthorized attacker to execute code locally and potentially affect the system. The vulnerability enables remote attackers to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified) Description: The issue is related to a use-after-free condition in Microsoft Office, allowing an unauthorized attacker to execute code locally. This can potentially enable remote attackers to execute arbitrary code and affect the system. No user interaction is needed beyond previewing the MS Office Preview Pane for remote code execution. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel (affected versions not specified) Description: The issue is related to a use after free condition in Microsoft Office Excel, allowing an unauthorized attacker to execute code locally. This poses a threat to data and security. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) Microsoft 365 Apps for Enterprise (affected versions not specified) **Description** The issue is related to a use after free vulnerability in Microsoft Office, which can allow an unauthorized attacker to execute arbitrary code locally. This can potentially enable remote attackers to execute code and affect the system. The estimated number of potentially affected devices worldwide is not provided. **Recommendations** For Microsoft Office, update to the latest version that includes the security updates for Mac to be protected from this vulnerability. For Microsoft 365 Apps for Enterprise, no specific fix is provided, but customers should ensure they are running the latest version of the software. As a temporary workaround, consider disabling any features that may be using the vulnerable component until a patch is available. Restrict access to any modules or functions that may be affected by the use after free vulnerability to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel versions prior to the fixed version Microsoft Office Online Server version 1.0.0 Description: The issue is a stack-based buffer overflow in Microsoft Office Excel, allowing an unauthorized attacker to execute arbitrary code locally. This vulnerability can be exploited by remote attackers to affect the system. Recommendations: For Microsoft Office Excel versions prior to the fixed version, update to the latest version to resolve the issue. For Microsoft Office Online Server version 1.0.0, update to a version that includes the fix for this vulnerability. As a temporary workaround, consider restricting access to vulnerable components of Microsoft Office Excel until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GDI+ (affected versions not specified) **Description** The issue is related to an integer overflow in the GDI+ component of Microsoft Office and Windows operating system packages. This can allow a remote attacker to execute arbitrary code. The vulnerability enables remote code execution, potentially affecting the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Visio (affected versions not specified) **Description** The issue concerns a remote code execution problem. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified) Office 365 (affected versions not specified) Description: The issue is related to a buffer overflow in memory, which can be exploited to execute arbitrary code. This can allow an attacker to run malicious code, potentially affecting the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Excel (affected versions not specified) Description: The issue is related to the use of an uninitialized resource in Microsoft Office and Office 365 packages. Exploitation of this issue may allow an attacker to execute arbitrary code. A vulnerability in Microsoft Excel enables remote attackers to execute arbitrary code, affecting the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Office versions (affected versions not specified) Microsoft Excel versions (affected versions not specified) Microsoft 365 Apps for Enterprise versions (affected versions not specified) Description: The issue is related to a buffer overflow in memory, allowing an attacker to execute arbitrary code. This can be exploited by remote attackers, potentially affecting the system. Recommendations: For Microsoft Office, update to a version that includes a fix for the buffer overflow issue. For Microsoft Excel, consider disabling features that may trigger the buffer overflow until a patch is available. For Microsoft 365 Apps for Enterprise, restrict access to potentially vulnerable components to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Excel (affected versions not specified) Description: The issue is related to a buffer overflow in memory, which can be exploited to execute arbitrary code. This can allow an attacker to perform unauthorized actions on the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HEVC Video Extensions (affected versions not specified) **Description** The issue is related to insufficient input validation in the HEVC Video Extensions codec. This can allow a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue arises when appending a fragment skb to a skb's frag list that already contains skbs from other sources. This can lead to use-after-free crashes, as the appended frag skb is seen by multiple skbs but only gets skb get called once. The problem occurs when a skb is created by pskb copy() where the frag list is cloned and shared among multiple skbs, or when a skb is updated by pskb may pull() with a skb cloned skb. Li Shuang has reported several crashes caused by this issue during testing on macvlan devices. The patch resolves this by linearizing the head skb if it has a frag list set in tipc buf append(), avoiding skb copy() by calling skb linearize() before skb unshare(). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.