Severity: HIGH | CVE-2026-45475 | CNA: microsoft

CVE-2026-45475: Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Metrics

CVSS v3.1: 7.8
Severity: HIGH
Fixed in: 16.0.5556.1005
Affected Products: 11


HarborGuard Analysis

Synopsis

Heap-based buffer overflow in Microsoft Office allows an attacker to execute arbitrary code on a victim's machine. The vulnerability is triggered locally and requires no authentication, but does require the victim to open a specially crafted Office document. Successful exploitation gives the attacker full code execution with the privileges of the user running Office. A patched-image rebuild at the fixed versions is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built images that bundle Microsoft Office components. Any image found to carry an affected Office version is flagged immediately in the customer's pipeline results.

Triage: Available

HarborGuard scores this CVE at 7.8 HIGH using the CVSS v3.1 base score and can weight that score against each customer org's compliance policy to determine urgency tier. Triage routing is available to direct findings to the appropriate team inbox within each customer organization.

Patch: Available

Patched-image rebuilds at versions 16.0.5556.1005, 16.0.10417.20153, and 16.0.19725.20384 (per channel) are available on HarborGuard for environments running an affected Office version. For customers who opt into auto-remediation, HarborGuard performs a rebuild, runs a regression test suite, and opens a PR against affected workloads automatically.

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host; no over-the-network vector is required.

  • Authentication: Not required

    No credentials or account access are required before triggering the vulnerability.

  • Victim interaction: Required

    The victim must open a malicious Office document, making this a social-engineering vector that requires convincing the user to open a crafted file.

  • Attack complexity: Low

    Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other environmental prerequisites.

Blast Radius

  • The attacker executes arbitrary code in the context of the user running Microsoft Office, inheriting that user's file system and network permissions.
  • Confidential files accessible to the user (documents, credentials, session tokens) can be read and exfiltrated.
  • The attacker can modify or delete files and data owned by the compromised user account.
  • The Office process and any dependent services can be crashed or hijacked, disrupting the user's workload.

How HarborGuard Handles This

Available on HarborGuard: detection fires within minutes of CVE publication for any customer image that packages a vulnerable Microsoft Office build across the affected product lines (Office 2016, 2019, LTSC 2021, LTSC 2024, and 365 Apps for Enterprise). The CVE is rated 7.8 HIGH, and compliance policy weighting is available to escalate it further in environments with strict document-processing policies. Where compliance policy permits, auto-remediation customers receive a rebuilt image pinned to the appropriate fixed channel version, a regression-test run, and a PR opened against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. For Mac variants (Microsoft Office LTSC for Mac 2021, LTSC for Mac 2024, Microsoft Office 365 for Mac), no discrete fix version was published in the CVE record; HarborGuard re-checks the upstream advisory each ingest cycle and will make a patched rebuild available the moment a specific fix version is confirmed.


Fix available

Fixed versions (per channel): 16.0.5556.1005, 16.0.10417.20153, 16.0.19725.20384. Release notes: https://aka.ms/OfficeSecurityReleases
Affected packages
  • Microsoft / Microsoft 365 Apps for Enterprise
    affected from 16.0.1; fix version: see https://aka.ms/OfficeSecurityReleases
  • Microsoft / Microsoft Office 2016
    affected from 16.0.0, fixed in 16.0.5556.1005
  • Microsoft / Microsoft Office 2019
    affected from 19.0.0; fix version: see https://aka.ms/OfficeSecurityReleases
  • Microsoft / Microsoft Office 365 for Mac
    no fix version published
  • Microsoft / Microsoft Office LTSC 2021
    affected from 16.0.1; fix version: see https://aka.ms/OfficeSecurityReleases
  • Microsoft / Microsoft Office LTSC 2024
    affected from 16.0.0; fix version: see https://aka.ms/OfficeSecurityReleases
  • Microsoft / Microsoft Office LTSC for Mac 2021
    no fix version published
  • Microsoft / Microsoft Office LTSC for Mac 2024
    no fix version published
  • Microsoft / Microsoft SharePoint Enterprise Server 2016
    affected from 16.0.0, fixed in 16.0.5556.1005
  • Microsoft / Microsoft SharePoint Server 2019
    affected from 16.0.0, fixed in 16.0.10417.20153
  • Microsoft / Microsoft SharePoint Server Subscription Edition
    affected from 16.0.0, fixed in 16.0.19725.20384

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C