Home

CVE-2026-26112

Description

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.062

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Monthly Enterprise Channel for x64 2602 of version(19725.20170)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Monthly Enterprise Channel for x86 version 2602 (19725.20170)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Monthly Enterprise Channel for x64 2602 of version(19725.20170)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Monthly Enterprise Channel for x86 version 2602 (19725.20170)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2019 for x64 1808 of volume version(10417.20108)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2019 for x86 1808 of volume version(10417.20108)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Current Channel for x64 2602 of version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Current Channel for x86 2602 of version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Current Channel for x64 2602 of version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Current Channel for x86 2602 of version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2021 for x64 2602 of Retail Version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2021 for x86 2602 of Retail Version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2024 for x86 2602 of Retail Version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2024 for x64 2602 of Retail Version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2021 for x64 2108 of volume version(14334.20570)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2021 for x86 2108 of volume version(14334.20570)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2024 for x64 2408 of volume version(17932.20700)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2024 for x86 2408 of volume version(17932.20700)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x64 2508 of version(19127.20570)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x86 2508 of version(19127.20570)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2508 of version(19127.20570)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2508 of version(19127.20570)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Excel 2016 (KB5002849) 64-Bit EditionWindows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Excel 2016 (KB5002849) 32-Bit EditionWindows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office Online Server (KB5002846) farm-deploymentWindows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-43634Update for Microsoft 365 Apps for Monthly Enterprise Channel for x64 2602 of version(19725.20170)
PATCH-43636Update for Microsoft 365 Apps for Monthly Enterprise Channel for x86 version 2602 (19725.20170)
PATCH-43638Update for Microsoft 365 Apps for Business Monthly Enterprise Channel for x64 2602 of version(19725.20170)
PATCH-43640Update for Microsoft 365 Apps for Business Monthly Enterprise Channel for x86 version 2602 (19725.20170)
PATCH-43650Update for Office 2019 for x64 1808 of volume version(10417.20108)
PATCH-43652Update for Office 2019 for x86 1808 of volume version(10417.20108)
PATCH-43626Update for Microsoft 365 Apps for Business Current Channel for x64 2602 of version(19725.20172)
PATCH-43628Update for Microsoft 365 Apps for Business Current Channel for x86 2602 of version(19725.20172)
PATCH-43630Update for Microsoft 365 Apps for Enterprise Current Channel for x64 2602 of version(19725.20172)
PATCH-43632Update for Microsoft 365 Apps for Enterprise Current Channel for x86 2602 of version(19725.20172)
PATCH-43658Update for Office 2021 for x64 2602 of Retail Version(19725.20172)
PATCH-43660Update for Office 2021 for x86 2602 of Retail Version(19725.20172)
PATCH-43666Update for Office 2024 for x86 2602 of Retail Version(19725.20172)
PATCH-43668Update for Office 2024 for x64 2602 of Retail Version(19725.20172)
PATCH-43654Update for Office 2021 for x64 2108 of volume version(14334.20570)
PATCH-43656Update for Office 2021 for x86 2108 of volume version(14334.20570)
PATCH-43662Update for Office 2024 for x64 2408 of volume version(17932.20700)
PATCH-43664Update for Office 2024 for x86 2408 of volume version(17932.20700)
PATCH-43642Update for Microsoft 365 Apps for Business Semi Annual Channel for x64 2508 of version(19127.20570)
PATCH-43644Update for Microsoft 365 Apps for Business Semi Annual Channel for x86 2508 of version(19127.20570)
PATCH-43646Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2508 of version(19127.20570)
PATCH-43648Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2508 of version(19127.20570)
PATCH-43671Security Update for Microsoft Excel 2016 (KB5002849) 64-Bit Edition
PATCH-43672Security Update for Microsoft Excel 2016 (KB5002849) 32-Bit Edition
PATCH-43673Security Update for Microsoft Office Online Server (KB5002846) farm-deployment

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234