7.8
CVE-2025-27747
- EPSS 1.19%
- Veröffentlicht 08.04.2025 17:23:24
- Zuletzt bearbeitet 09.07.2025 13:59:24
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Office Long Term Servicing Channel Version2021 SwPlatform-
Microsoft ≫ Office Long Term Servicing Channel Version2021 SwPlatformmacos
Microsoft ≫ Office Long Term Servicing Channel Version2024 SwPlatform-
Microsoft ≫ Office Long Term Servicing Channel Version2024 SwPlatformmacos
Microsoft ≫ Sharepoint Enterprise Server Version2016
Microsoft ≫ Sharepoint Server Version2019
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.19% | 0.79 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@microsoft.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-822 Untrusted Pointer Dereference
The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.