Zhiniang Peng

**Name of the Vulnerable Software and Affected Versions** Microsoft 365 Apps for Enterprise versions 16.0.1 through 16.0.1 **Description** A use-after-free issue in Microsoft Office Excel allows an unauthorized attacker to execute arbitrary code locally or remotely. This can be achieved by tricking a user into opening a malicious Excel file, which affects the system. **Recommendations** Update Microsoft 365 Apps for Enterprise to a version later than 16.0.1.

**Name of the Vulnerable Software and Affected Versions** Microsoft 365 Apps for Enterprise versions 16.0.1 through 16.0.1 **Description** An out-of-bounds read in Microsoft Office Excel allows an unauthorized local attacker to disclose sensitive information. This occurs when a user opens a malicious Excel file that triggers a read operation beyond the allocated memory bounds, potentially affecting the system. **Recommendations** Update Microsoft 365 Apps for Enterprise to a version newer than 16.0.1.

**Name of the Vulnerable Software and Affected Versions** Microsoft 365 Apps for Enterprise versions 16.0.1 through 16.0.1 **Description** A use-after-free issue in Microsoft Office Excel allows an unauthorized attacker to execute arbitrary code locally or remotely. This can be achieved by tricking a user into opening a malicious Excel file, which affects the system. **Recommendations** Update Microsoft 365 Apps for Enterprise to a version later than 16.0.1.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Word (affected versions not specified) **Description** An out-of-bounds read allows an unauthorized attacker to disclose information locally. An out-of-bounds read occurs when an application reads data from a memory location outside the boundaries of the intended buffer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Excel (affected versions not specified) Microsoft Office Microsoft 365 Apps for Enterprise Microsoft Office Online Server **Description** A use-after-free issue exists in Microsoft Office Excel, Microsoft Office, Microsoft 365 Apps for Enterprise, and Microsoft Office Online Server. This flaw could allow an unauthorized attacker to execute code locally. The vulnerability enables remote attackers to execute arbitrary code and affect the system. The issue involves the use of memory after it has been freed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Word (affected versions not specified) **Description** An issue exists in Microsoft Office Word where an untrusted pointer dereference can allow an unauthorized attacker to execute code locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Excel (affected versions not specified) **Description** An out-of-bounds read issue exists in Microsoft Office Excel. This can allow an unauthorized attacker to execute code locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) **Description** A use after free condition exists in Microsoft Office, potentially allowing an unauthorized attacker to execute code locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2026-21219 **Description** A use after free issue exists in Inbox COM Objects. This allows an unauthorized attacker to execute code locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Excel (affected versions not specified) **Description** An out-of-bounds read issue exists in Microsoft Office Excel. This can allow an unauthorized attacker to execute code locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Excel (affected versions not specified) **Description** An out-of-bounds read issue exists in Microsoft Office Excel, potentially allowing an attacker to disclose information locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows USB Video Driver (affected versions not specified) **Description** The Windows USB Video Driver exhibits a flaw where the generation of error messages can expose sensitive information locally to an authorized attacker. The issue allows for the disclosure of information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2025-58735 **Description** A use-after-free condition exists in Inbox COM Objects. This allows an unauthorized attacker to execute code locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2025 (affected versions not specified) **Description** A use-after-free condition exists in Inbox COM Objects. This allows an unauthorized attacker to execute code locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** A use-after-free condition exists in the Windows Bluetooth Service. This allows an authorized attacker to gain elevated privileges on a local system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xbox (affected versions not specified) **Description** A use-after-free condition exists in Xbox, potentially allowing an authorized attacker to elevate privileges locally. This issue stems from improper memory management. An attacker with some level of access or permissions on the device can exploit this to execute arbitrary code with elevated privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Inbox COM Objects (affected versions not specified) **Description** A use after free condition exists in Inbox COM Objects. This allows an unauthorized attacker to execute code locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Inbox COM Objects (affected versions not specified) **Description** A use-after-free condition exists in Inbox COM Objects. This allows an unauthorized attacker to execute code locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Information Services (affected versions not specified) **Description** A race condition exists in Inbox COM Objects due to concurrent execution using a shared resource with improper synchronization. This allows an unauthorized attacker to execute code locally. The issue is considered trivial to weaponize. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2025-58731 **Description** A use after free issue exists in Inbox COM Objects, potentially allowing an unauthorized attacker to execute code locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.