CVE-2026-45486

Published: Jun 9, 2026Modified: Jun 11, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: secure@microsoft.com

Description

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Affected (5)

Products: Microsoft: 365 Apps, Microsoft 365, Office 2021, Office 2024

4 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Microsoft 365 Apps	All versions
Microsoft 365 Apps	All versions
Microsoft Microsoft 365	All versions
Microsoft Office 2021	All versions
Microsoft Office 2024	All versions

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45486

Source: secure@microsoft.com

Vendor Advisory

Timeline

No history available yet.