CVE-2026-55123 – Microsoft PowerPoint Remote Code Execution Vulnerability
“A single malicious presentation can give attackers an opening into the business if critical updates are delayed.”
A heap-based buffer overflow vulnerability in Microsoft PowerPoint allows an unauthorized attacker to execute arbitrary code on a local system. Successful exploitation requires a user to open a specially crafted PowerPoint presentation. Microsoft has released security updates for affected PowerPoint and Microsoft Office products.
CVSS Score: 7.8
SEVERITY: Critical
THREAT:
This vulnerability allows an attacker to execute arbitrary code by convincing a user to open a specially crafted PowerPoint presentation. Malicious presentation files can be distributed through phishing emails, file-sharing services, or collaboration platforms. If exploited, the attacker can execute code with the privileges of the current user, potentially resulting in malware installation, credential theft, data compromise, or additional attacks within the environment.
EXPLOITS:
At the time of publication, the vulnerability has not been publicly disclosed and Microsoft has not detected active exploitation. Microsoft assesses exploitation as less likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and the provided information does not confirm the existence of publicly available proof-of-concept exploit code.
TECHNICAL SUMMARY:
The vulnerability is caused by a heap-based buffer overflow (CWE-122) and incorrect conversion between numeric types (CWE-681) in Microsoft PowerPoint. A specially crafted presentation can trigger memory corruption, allowing arbitrary code execution. Although categorized as a Remote Code Execution vulnerability, Microsoft explains that exploitation occurs locally after the victim opens the malicious presentation. Microsoft also confirms that the Preview Pane is not an attack vector for this vulnerability.
EXPLOITABILITY:
Affected products include Microsoft 365 Apps for Enterprise (32-bit and 64-bit), Microsoft PowerPoint 2016 (32-bit and 64-bit), Microsoft Office 2019, Microsoft Office 365 for Mac, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, Microsoft Office LTSC for Mac 2021, and Microsoft Office LTSC for Mac 2024. For Microsoft Office LTSC 2021 and LTSC 2024, the affected software table lists the CVSS score set as N/A for those products. Exploitation requires no attacker privileges but does require user interaction, specifically opening a specially crafted PowerPoint presentation.
BUSINESS IMPACT:
PowerPoint presentations are commonly shared internally and externally, making them a practical vehicle for phishing campaigns. Successful exploitation could enable attackers to execute malicious code, deploy ransomware, steal sensitive information, or establish a foothold for additional attacks within the organization.
WORKAROUND:
No mitigations or workarounds are available. Microsoft recommends installing the appropriate security updates for all affected PowerPoint and Microsoft Office products.
URGENCY:
This vulnerability should be deployed urgently because it is rated Critical. Although user interaction is required, presentation files remain a common method for delivering malicious content. Prompt deployment of the available security updates significantly reduces the risk of compromise.
Key Details
- Affected Product
- Microsoft 365 Apps
- Attack Vector
- Local
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- Required
- CWE Classification
- CWE-122