Home

CVE-2026-26113

Description

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.049

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Monthly Enterprise Channel for x64 2602 of version(19725.20170)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Monthly Enterprise Channel for x86 version 2602 (19725.20170)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Monthly Enterprise Channel for x64 2602 of version(19725.20170)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Monthly Enterprise Channel for x86 version 2602 (19725.20170)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2019 for x64 1808 of volume version(10417.20108)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2019 for x86 1808 of volume version(10417.20108)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Current Channel for x64 2602 of version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Current Channel for x86 2602 of version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Current Channel for x64 2602 of version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Current Channel for x86 2602 of version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2021 for x64 2602 of Retail Version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2021 for x86 2602 of Retail Version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2024 for x86 2602 of Retail Version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2024 for x64 2602 of Retail Version(19725.20172)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2021 for x64 2108 of volume version(14334.20570)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2021 for x86 2108 of volume version(14334.20570)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2024 for x64 2408 of volume version(17932.20700)Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2024 for x86 2408 of volume version(17932.20700)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x64 2508 of version(19127.20570)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x86 2508 of version(19127.20570)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2508 of version(19127.20570)Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2508 of version(19127.20570)Windows
Microsoft SharePoint Server Spoofing Vulnerability for Microsoft SharePoint Enterprise Server 2016 (KB5002850) farm-deploymentWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft SharePoint Server 2019 Core (KB5002845) farm-deploymentWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft SharePoint Server Subscription Edition (KB5002843) farm-deploymentWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Word 2016 (KB5002848) 64-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Word 2016 (KB5002848) 32-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft SharePoint Enterprise Server 2016 (KB5002851) farm-deploymentWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft SharePoint Server 2019 Language Pack (KB5002847) farm-deploymentWindows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-43634Update for Microsoft 365 Apps for Monthly Enterprise Channel for x64 2602 of version(19725.20170)
PATCH-43636Update for Microsoft 365 Apps for Monthly Enterprise Channel for x86 version 2602 (19725.20170)
PATCH-43638Update for Microsoft 365 Apps for Business Monthly Enterprise Channel for x64 2602 of version(19725.20170)
PATCH-43640Update for Microsoft 365 Apps for Business Monthly Enterprise Channel for x86 version 2602 (19725.20170)
PATCH-43650Update for Office 2019 for x64 1808 of volume version(10417.20108)
PATCH-43652Update for Office 2019 for x86 1808 of volume version(10417.20108)
PATCH-43626Update for Microsoft 365 Apps for Business Current Channel for x64 2602 of version(19725.20172)
PATCH-43628Update for Microsoft 365 Apps for Business Current Channel for x86 2602 of version(19725.20172)
PATCH-43630Update for Microsoft 365 Apps for Enterprise Current Channel for x64 2602 of version(19725.20172)
PATCH-43632Update for Microsoft 365 Apps for Enterprise Current Channel for x86 2602 of version(19725.20172)
PATCH-43658Update for Office 2021 for x64 2602 of Retail Version(19725.20172)
PATCH-43660Update for Office 2021 for x86 2602 of Retail Version(19725.20172)
PATCH-43666Update for Office 2024 for x86 2602 of Retail Version(19725.20172)
PATCH-43668Update for Office 2024 for x64 2602 of Retail Version(19725.20172)
PATCH-43654Update for Office 2021 for x64 2108 of volume version(14334.20570)
PATCH-43656Update for Office 2021 for x86 2108 of volume version(14334.20570)
PATCH-43662Update for Office 2024 for x64 2408 of volume version(17932.20700)
PATCH-43664Update for Office 2024 for x86 2408 of volume version(17932.20700)
PATCH-43642Update for Microsoft 365 Apps for Business Semi Annual Channel for x64 2508 of version(19127.20570)
PATCH-43644Update for Microsoft 365 Apps for Business Semi Annual Channel for x86 2508 of version(19127.20570)
PATCH-43646Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2508 of version(19127.20570)
PATCH-43648Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2508 of version(19127.20570)
PATCH-43678Security Update for Microsoft SharePoint Enterprise Server 2016 (KB5002850) farm-deployment
PATCH-43677Security Update for Microsoft SharePoint Server 2019 Core (KB5002845) farm-deployment
PATCH-43676Security Update for Microsoft SharePoint Server Subscription Edition (KB5002843) farm-deployment
PATCH-43679Security Update for Microsoft Word 2016 (KB5002848) 64-Bit Edition
PATCH-43680Security Update for Microsoft Word 2016 (KB5002848) 32-Bit Edition
PATCH-43682Security Update for Microsoft SharePoint Enterprise Server 2016 (KB5002851) farm-deployment
PATCH-43681Security Update for Microsoft SharePoint Server 2019 Language Pack (KB5002847) farm-deployment

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234