CVE-2026-45457: Microsoft Word Remote Code Execution Vulnerability

Synopsis

An untrusted pointer dereference vulnerability in Microsoft Word allows an attacker to execute arbitrary code on a victim's machine. The attack is local in execution, meaning it requires the victim to open a specially crafted document, but no authentication or account privileges are needed on the part of the attacker. Successful exploitation gives the attacker full code execution with the permissions of the user running Word, enabling complete confidentiality, integrity, and availability impact. A patched-image rebuild is available on HarborGuard for environments running affected versions of Microsoft 365 Apps for Enterprise.

HarborGuard Coverage

Exploit Conditions

• Network reachabilityNot required

  The attacker does not need network access to the target; exploitation happens locally on the host where the document is opened.

• AuthenticationNot required

  No account credentials or privileges are required from the attacker to trigger the vulnerability.

• Victim interactionRequired

  The victim must open a specially crafted Word document, making this a social-engineering vector that relies on the user taking an action.

• Attack complexityDetail

  Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other variable environmental factors.

Blast Radius

• Reads any file or data accessible to the user running Word, including stored credentials, documents, and session tokens.
• Writes or modifies files and data within the user's permission scope, including persisted documents and configuration files.
• Crashes or disrupts the Word process and any dependent workflows running under the same user account.
• Executes arbitrary code at the privilege level of the logged-in user, which can serve as a foothold for further lateral movement if that user holds elevated rights.