CVE-2026-55033 – Microsoft Word Remote Code Execution Vulnerability
“One malicious document can become the starting point for a much larger security incident.”
An integer overflow and heap-based buffer overflow vulnerability in Microsoft Word allows an unauthorized attacker to execute code locally. Although the attack is classified as local, exploitation requires an attacker to convince a user to open a specially crafted Word document or trigger the vulnerability through the Preview Pane. Successful exploitation could allow arbitrary code execution with the privileges of the affected user.
CVSS Score: 7.8
SEVERITY: Critical
THREAT:
This vulnerability allows arbitrary code execution through a specially crafted Microsoft Word document. A successful attack could enable an attacker to install malware, access sensitive information, modify files, or perform additional actions using the permissions of the compromised user.
EXPLOITS:
At the time of publication, the vulnerability has not been publicly disclosed and Microsoft has not detected active exploitation. Microsoft assesses exploitation as less likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and the available information does not confirm the existence of publicly available proof-of-concept exploit code.
TECHNICAL SUMMARY:
The vulnerability is caused by integer overflow or wraparound (CWE-190) and heap-based buffer overflow (CWE-122) in Microsoft Word. An attacker can craft a malicious Word document that triggers improper memory handling when opened or previewed. Microsoft confirms that the Preview Pane is an attack vector, meaning exploitation may occur when the file is previewed without being fully opened. Successful exploitation allows arbitrary code execution in the security context of the current user.
EXPLOITABILITY:
Affected products include Microsoft Word 2016, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, Microsoft Office 365 for Mac, Microsoft Office LTSC for Mac 2021/2024, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, and Microsoft SharePoint Server Subscription Edition. Exploitation requires an attacker to deliver a specially crafted Office file and convince a user to open it or trigger processing through the Preview Pane.
BUSINESS IMPACT:
Successful exploitation could give attackers a foothold on corporate endpoints, enabling malware deployment, unauthorized access to sensitive information, and lateral movement within enterprise environments. Because Microsoft Word documents are routinely exchanged across organizations, this vulnerability presents a significant phishing and social engineering risk.
WORKAROUND:
No mitigations or workarounds are available. Microsoft recommends installing all applicable security updates for affected Microsoft Word, Office, and SharePoint products.
URGENCY:
This vulnerability should be deployed urgently because it is rated Critical with a CVSS v3.1 Base Score of 7.8. Although exploitation requires user interaction, the Preview Pane is an attack vector, increasing the likelihood that malicious documents could trigger code execution during normal document handling.
Key Details
- Attack Vector
- Local
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- Required
- CWE Classification
- CWE-122