CVE-2026-40363

Microsoft · Office

A heap-based buffer overflow vulnerability in Microsoft Office allows a local, unauthenticated attacker to execute arbitrary code.

Executive summary

A critical heap-based buffer overflow in various Microsoft Office products may allow an unauthorized local attacker to execute arbitrary code.

Vulnerability

This is a heap-based buffer overflow (CWE-122) occurring within Microsoft Office components. The CVSS vector (AV:L/AC:L/PR:N/UI:N) indicates that an unauthenticated local attacker can trigger this vulnerability without user interaction.

Business impact

Successful exploitation of this vulnerability allows an attacker to achieve code execution on the local system with the privileges of the victim. Given the CVSS score of 8.4, this poses a high risk of total system compromise, potentially leading to unauthorized data access, lateral movement within the network, and significant operational disruption.

Remediation

Immediate Action: Apply the latest security updates provided by Microsoft via the official Microsoft Security Update Guide (https://aka.ms/OfficeSecurityReleases).

Proactive Monitoring: Monitor endpoint logs for suspicious process spawning or unexpected memory-related crashes within Office applications.

Compensating Controls: Ensure endpoint detection and response (EDR) solutions are configured to detect and block abnormal memory allocation patterns or unauthorized code execution attempts.

Exploitation status

Public Exploit Available: No (exploit_available: false).

Analyst recommendation

Due to the severity of a heap-based buffer overflow allowing remote code execution, organizations should prioritize patching all affected Microsoft Office installations. Ensure automated update mechanisms are functioning correctly to mitigate this risk across the environment.