CVE Catalog

CVE-2026-45645

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile - higher than 29% of all known CVEs

Summary

A vulnerability in Microsoft Office allows an unauthorized attacker to execute code locally via an untrusted pointer dereference. The issue stems from improper pointer validation in memory.

Risk Assessment

An attacker could gain full control of the victim's system by executing malicious code in the context of the logged-in user. Risks include data theft, malware installation, or session hijacking.

Recommendation

Immediately update Microsoft Office to the latest version available through security patches. Also restrict user privileges and apply the principle of least privilege.

Original NVD description (English source)

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS