Skip to main content
Meet us at Black Hat USA 2026— Las Vegas, August 1–6Book a Meeting
Mallory
Back to vulnerabilities
High

Local Code Execution in Microsoft Office Word via Malicious Document

IdentifiersCVE-2026-45486CWE-416· Use After Free

CVE-2026-45486 is a Microsoft Office Word vulnerability described by Microsoft as an untrusted pointer dereference and further characterized in the advisory as a use-after-free condition. The flaw can be triggered when a user opens a specially crafted malicious Office file in Microsoft Word. Successful exploitation allows code execution in the security context of the local user running Word. Microsoft states that exploitation requires user interaction and is not achievable through the Preview Pane.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

An attacker can achieve local code execution in the context of the user who opens the malicious document. The resulting impact depends on that user's privileges and may include execution of arbitrary code, access to user-accessible data, installation of additional payloads, and follow-on activity under the compromised user's context. The attack is not zero-click; a user must open the crafted Office file.

Mitigation

If you can’t patch tonight, do this now.

Do not open untrusted or unexpected Office documents. Reduce exposure by filtering or blocking suspicious Office attachments, using phishing-resistant controls and user awareness measures, and monitoring for attempts to deliver malicious Word files. Where patches are not yet available, prioritize compensating controls around document delivery and execution. The Preview Pane is not an attack vector for this issue.

Remediation

Patch, then assume compromise.

Apply the Microsoft security update for all affected Microsoft Office Word products. For Microsoft Office LTSC for Mac 2021, 2024, and Microsoft 365 for Mac, Microsoft indicated that updates were not immediately available at publication time; those platforms should be updated as soon as vendor fixes are released.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
Microsoft Corporation365 Appsapplication
Microsoft CorporationMicrosoft 365application
Microsoft CorporationOffice 2021application
Microsoft CorporationOffice 2024application
Microsoft CorporationOffice 365application
Microsoft CorporationOffice Macos 2021application
Microsoft CorporationOffice Macos 2024application
Microsoft CorporationOffice Wordapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

10 sources tracked across advisories and community write-ups. News coverage will land here when it surfaces.

10 SOURCESView more in app

No news coverage yet. Advisories and community discussion only.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity10

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-45486
NVD
nvd.nist.gov/vuln/detail/CVE-2026-45486
MITRE CWE · CWE-416
Use After Free
Vendor Advisory
msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45486