[CIVN-2026-0027] Remote Code Execution Vulnerabilities in Microsoft Office

Published On: January 19, 2026

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Remote Code Execution Vulnerabilities in Microsoft Office 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Microsoft Office
Overview
Multiple vulnerabilities have been reported in Microsoft Office which could allow an attacker to execute arbitrary code in the context of the current user on the affected system.
Target Audience:
All end-user organizations and individuals using Microsoft Office products.
Risk Assessment:
High risk of remote code execution, unauthorized access, and potential system compromise.
Impact Assessment:
Potential for data theft, execution of malicious code in the context of the current user, and unauthorized actions on the affected system.
Description
Microsoft Office is a widely used productivity suite that includes applications for document creation, data analysis, presentations, and collaboration. It is commonly deployed across enterprise and individual environments.
The reported vulnerabilities arise from improper handling of memory objects within Microsoft Office components, leading to memory corruption conditions such as use-after-free during document processing. A remote attacker could exploit these vulnerabilities by convincing a target user to open or preview a specially crafted Office document.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the current user on the affected system.
Solution
Apply appropriate security updates as mentioned in:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20952
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20953
Vendor Information
Microsoft 
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20952
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20953
References
 
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20952
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20953
CVE Name
CVE-2026-20952
CVE-2026-20953
- --
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
