Microsoft Office Vulnerabilities Let Attackers Execute Remote Code
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Multiple critical vulnerabilities in Microsoft Office could allow attackers to execute arbitrary code on affected systems.
The vulnerabilities, tracked as CVE-2025-47162, CVE-2025-47953, CVE-2025-47164, and CVE-2025-47167, all carry a CVSS score of 8.4 out of 10 and affect numerous Office versions across Windows, Mac, and Android platforms.
Security researcher 0x140ce discovered these flaws, which exploit fundamental memory management weaknesses including heap-based buffer overflow, use-after-free conditions, and type confusion errors.
CVE-2025-47162: Heap-Based Buffer Overflow
This vulnerability (CWE-122) originates from improper bounds checking during memory allocation in Office’s file parsing routines.
Attackers can craft malicious documents containing oversized data payloads, triggering a heap-based buffer overflow when processed.
The CVSS vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H highlights the local attack vector (AV:L) and low attack complexity (AC:L), requiring no user interaction (UI:N). Despite the “remote” designation in the title, exploitation occurs locally after the malicious file is downloaded or previewed.
Simply viewing a weaponized document in the Preview Pane triggers the overflow without user interaction. Malicious macros could automate exploitation upon document opening.
CVE-2025-47953: Use-After-Free via Improper Resource Name Validation
This vulnerability (CWE-641) arises from flawed validation of file and resource names, leading to a use-after-free condition.
When Office attempts to access a memory region after prematurely freeing it, attackers can inject malicious code into the dangling pointer’s location. The flaw scores 8.4 on the CVSS scale, mirroring the severity of CVE-2025-47162.
Specially crafted filenames trigger improper resource deallocation. Microsoft rates this as “Exploitation Less Likely” due to the precision required to manipulate memory layouts.
The flaw affects Windows, macOS (Office LTSC 2021/2024), and Android versions, necessitating uniform patching.
CVE-2025-47164: Classic Use-After-Free in Memory Management
Classified under CWE-416, this vulnerability stems from Office failing to invalidate pointers after freeing memory.
Attackers exploit this by reallocating freed memory with malicious data, leading to code execution.
The CVSS exploitability assessment labels this “Exploitation More Likely” due to predictable memory reuse patterns.
All Office editions since 2016 are vulnerable, emphasizing the need for comprehensive patching.
CVE-2025-47167: Type Confusion in Object Handling
This vulnerability (CWE-843) occurs when Office incorrectly handles object types, mistreating a resource as an incompatible type.
Attackers craft documents containing malformed objects, causing type confusion that corrupts memory and enables code execution.
The CVSS metrics mirror other flaws, with high scores across confidentiality, integrity, and availability. Exploitation techniques include embedding contradictory type metadata in documents.
Security Updates Released Across All Platforms
Microsoft released security updates on June 10, 2025, covering all major Office versions, including Office 2016, Office 2019, Office LTSC 2021, Office LTSC 2024, Microsoft 365 Apps for Enterprise, and Office for Android.
The updates are delivered through various mechanisms, including Click-to-Run deployment for enterprise versions and traditional security update packages for standalone installations.
Notably, Microsoft 365 cloud-based updates were not immediately available, with the company stating that updates “will be released as soon as possible,” and customers will receive notifications through CVE information revisions.
The affected versions span both 32-bit and 64-bit editions, with specific update packages identified by build numbers such as 16.0.5504.1000 for Office 2016 and 16.98.25060824 for Mac versions.
Organizations should prioritize applying these patches immediately, given the critical severity rating and high exploitability assessment.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Microsoft Office Vulnerabilities Let Attackers Execute Remote Code
Author: Guru BaranMultiple critical vulnerabilities in Microsoft Office could allow attackers to execute arbitrary code on affected systems.
The vulnerabilities, tracked as CVE-2025-47162, CVE-2025-47953, CVE-2025-47164, and CVE-2025-47167, all carry a CVSS score of 8.4 out of 10 and affect numerous Office versions across Windows, Mac, and Android platforms.
Security researcher 0x140ce discovered these flaws, which exploit fundamental memory management weaknesses including heap-based buffer overflow, use-after-free conditions, and type confusion errors.
CVE-2025-47162: Heap-Based Buffer Overflow
This vulnerability (CWE-122) originates from improper bounds checking during memory allocation in Office’s file parsing routines.
Attackers can craft malicious documents containing oversized data payloads, triggering a heap-based buffer overflow when processed.
The CVSS vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H highlights the local attack vector (AV:L) and low attack complexity (AC:L), requiring no user interaction (UI:N). Despite the “remote” designation in the title, exploitation occurs locally after the malicious file is downloaded or previewed.
Simply viewing a weaponized document in the Preview Pane triggers the overflow without user interaction. Malicious macros could automate exploitation upon document opening.
CVE-2025-47953: Use-After-Free via Improper Resource Name Validation
This vulnerability (CWE-641) arises from flawed validation of file and resource names, leading to a use-after-free condition.
When Office attempts to access a memory region after prematurely freeing it, attackers can inject malicious code into the dangling pointer’s location. The flaw scores 8.4 on the CVSS scale, mirroring the severity of CVE-2025-47162.
Specially crafted filenames trigger improper resource deallocation. Microsoft rates this as “Exploitation Less Likely” due to the precision required to manipulate memory layouts.
The flaw affects Windows, macOS (Office LTSC 2021/2024), and Android versions, necessitating uniform patching.
CVE-2025-47164: Classic Use-After-Free in Memory Management
Classified under CWE-416, this vulnerability stems from Office failing to invalidate pointers after freeing memory.
Attackers exploit this by reallocating freed memory with malicious data, leading to code execution.
The CVSS exploitability assessment labels this “Exploitation More Likely” due to predictable memory reuse patterns.
All Office editions since 2016 are vulnerable, emphasizing the need for comprehensive patching.
CVE-2025-47167: Type Confusion in Object Handling
This vulnerability (CWE-843) occurs when Office incorrectly handles object types, mistreating a resource as an incompatible type.
Attackers craft documents containing malformed objects, causing type confusion that corrupts memory and enables code execution.
The CVSS metrics mirror other flaws, with high scores across confidentiality, integrity, and availability. Exploitation techniques include embedding contradictory type metadata in documents.
Security Updates Released Across All Platforms
Microsoft released security updates on June 10, 2025, covering all major Office versions, including Office 2016, Office 2019, Office LTSC 2021, Office LTSC 2024, Microsoft 365 Apps for Enterprise, and Office for Android.
The updates are delivered through various mechanisms, including Click-to-Run deployment for enterprise versions and traditional security update packages for standalone installations.
Notably, Microsoft 365 cloud-based updates were not immediately available, with the company stating that updates “will be released as soon as possible,” and customers will receive notifications through CVE information revisions.
The affected versions span both 32-bit and 64-bit editions, with specific update packages identified by build numbers such as 16.0.5504.1000 for Office 2016 and 16.98.25060824 for Mac versions.
Organizations should prioritize applying these patches immediately, given the critical severity rating and high exploitability assessment.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
