CVE-2026-55056 – Microsoft Office Remote Code Execution Vulnerability
“One malicious Office document can turn an ordinary workday into a costly security incident if critical updates are delayed.”
A heap-based buffer overflow vulnerability in Microsoft Office allows an unauthorized attacker to execute arbitrary code on a local system. Successful exploitation requires a user to open a specially crafted Office document, and Microsoft confirms that the Preview Pane is also an attack vector. Security updates are available for affected Microsoft Office products across Windows and macOS.
CVSS Score: 7.8
SEVERITY: Critical
THREAT:
This vulnerability affects Microsoft Office by allowing arbitrary code execution through a specially crafted Office file. An attacker can distribute the malicious document through email, collaboration platforms, or file-sharing services and persuade a user to open or preview it. Successful exploitation allows code execution with the privileges of the current user, potentially enabling malware installation, credential theft, data compromise, or further attacks within the environment.
EXPLOITS:
At the time of publication, the vulnerability has not been publicly disclosed and Microsoft has not detected active exploitation. Microsoft assesses exploitation as less likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and the provided information does not confirm the existence of publicly available proof-of-concept exploit code.
TECHNICAL SUMMARY:
The vulnerability is caused by a heap-based buffer overflow (CWE-122) in Microsoft Office. A specially crafted Office document can trigger memory corruption, resulting in arbitrary code execution. Although the vulnerability is categorized as Remote Code Execution, Microsoft explains that the attack itself is carried out locally after user interaction. Microsoft also confirms that the Preview Pane is an attack vector, increasing the exposure to malicious Office documents.
EXPLOITABILITY:
Affected products include Microsoft 365 Apps for Enterprise (32-bit and 64-bit), Microsoft Office 2016, Microsoft Office 2019, Microsoft Office 365 for Mac, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, Microsoft Office LTSC for Mac 2021, and Microsoft Office LTSC for Mac 2024. Exploitation requires no attacker privileges but does require user interaction, specifically opening or previewing a specially crafted Office document.
BUSINESS IMPACT:
Microsoft Office remains one of the most frequently targeted applications in phishing and malware campaigns. Successful exploitation could allow attackers to execute malicious code, install ransomware, steal confidential information, or establish a foothold for lateral movement within the organization. Businesses that regularly exchange Office documents with external users are particularly exposed.
WORKAROUND:
No mitigations or workarounds are available. Microsoft recommends installing the appropriate security updates for all affected Microsoft Office products.
URGENCY:
This vulnerability should be deployed urgently because it is rated Critical. Although user interaction is required, Office documents remain one of the most common delivery methods for phishing and malware attacks. Prompt deployment of security updates significantly reduces the risk of document-based compromise.
Key Details
- Affected Product
- Microsoft 365 Apps
- Attack Vector
- Local
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- Required
- CWE Classification
- CWE-122