CVE-2026-45645
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk29th percentile - higher than 29% of all known CVEs
Summary
A vulnerability in Microsoft Office allows an unauthorized attacker to execute code locally via an untrusted pointer dereference. The issue stems from improper pointer validation in memory.
Risk Assessment
An attacker could gain full control of the victim's system by executing malicious code in the context of the logged-in user. Risks include data theft, malware installation, or session hijacking.
Recommendation
Immediately update Microsoft Office to the latest version available through security patches. Also restrict user privileges and apply the principle of least privilege.
Original NVD description (English source)
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

