CVE-2026-40364

Medienbericht

EPSS 0.15%
Veröffentlicht 12.05.2026 16:58:38
Zuletzt bearbeitet 13.05.2026 15:34:52
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Microsoft Word Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 3 Referenzen 5

CNA 7 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerMicrosoft

≫

Produkt Microsoft 365 Apps for Enterprise

Version 16.0.1

Version < https://aka.ms/OfficeSecurityReleases

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft Office 2019

Version 19.0.0

Version < https://aka.ms/OfficeSecurityReleases

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft Office LTSC 2021

Version 16.0.1

Version < https://aka.ms/OfficeSecurityReleases

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft Office LTSC 2024

Version 16.0.0

Version < https://aka.ms/OfficeSecurityReleases

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft Office LTSC for Mac 2021

Version 16.0.1

Version < 16.109.26051019

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft Office LTSC for Mac 2024

Version 16.0.0

Version < 16.109.26051019

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft Word 2016

Version 16.0.1

Version < 16.0.5552.1000

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.349

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2026-patch-tuesday-fixes-120-flaws-no-zero-days/

Media Report

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40364

https://nvd.nist.gov/vuln/detail/CVE-2026-40364

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-40364

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-40364

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-40364