Office 2016 Microsoft Office 2016

  1. Vendors
  2. Microsoft
  3. Office 2016

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Office 2016.

By the Year

In 2026 there have been 20 vulnerabilities in Microsoft Office 2016 with an average score of 7.7 out of ten. Last year, in 2025 Office 2016 had 38 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Office 2016 in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.29




Year Vulnerabilities Average Score
2026 20 7.70
2025 38 7.98
2024 3 7.27
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 1 7.80

It may take a day or so for new Office 2016 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Office 2016 Security Vulnerabilities

Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45463 8.4 - High - June 09, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Integer underflow

Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45645 7.8 - High - June 09, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45461 8.4 - High - June 09, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-44824 7.8 - High - June 09, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Jun 2026: Microsoft Office Information Disclosure Vulnerability
CVE-2026-44821 5.5 - Medium - June 09, 2026

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Out-of-bounds Read

Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-44819 7.8 - High - June 09, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Jun 2026: Microsoft Office Information Disclosure Vulnerability
CVE-2026-45485 3.3 - Low - June 09, 2026

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Out-of-bounds Read

Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45474 8.4 - High - June 09, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45472 8.4 - High - June 09, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45475 7.8 - High - June 09, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

May 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-40358 8.4 - High - May 12, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

May 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-40363 8.4 - High - May 12, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

May 2026: Windows Rich Text Edit Elevation of Privilege Vulnerability
CVE-2026-21530 6.7 - Medium - May 12, 2026

Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.

Double-free

Apr 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-32190 8.4 - High - April 14, 2026

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Mar 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-26110 8.4 - High - March 10, 2026

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Object Type Confusion

Mar 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-26113 8.4 - High - March 10, 2026

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

Jan 2026: Microsoft Office Security Feature Bypass Vulnerability
CVE-2026-21509 7.8 - High - January 26, 2026

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Reliance on Untrusted Inputs in a Security Decision

Jan 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-20952 8.4 - High - January 13, 2026

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Jan 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-20953 8.4 - High - January 13, 2026

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Jan 2026: Microsoft Office Click-To-Run Remote Code Execution Vulnerability
CVE-2026-20943 7 - High - January 13, 2026

Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.

Untrusted Path

Dec 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62557 8.4 - High - December 09, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Dec 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62554 8.4 - High - December 09, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Object Type Confusion

Nov 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62199 7.8 - High - November 11, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Oct 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-59227 7.8 - High - October 14, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Oct 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-59234 7.8 - High - October 14, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Sep 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-54910 8.4 - High - September 09, 2025

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Sep 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-54906 7.8 - High - September 09, 2025

Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Aug 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-53731 8.4 - High - August 12, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Aug 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-53740 8.4 - High - August 12, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Jul 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49702 7.8 - High - July 08, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Object Type Confusion

Jul 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49697 8.4 - High - July 08, 2025

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Jul 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49696 8.4 - High - July 08, 2025

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

Out-of-bounds Read

Jul 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49695 8.4 - High - July 08, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Jul 2025: Microsoft Office Elevation of Privilege Vulnerability
CVE-2025-47994 7.8 - High - July 08, 2025

Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

Marshaling, Unmarshaling

Jun 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47953 8.4 - High - June 10, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Improper Restriction of Names for Files and Other Resources

Jun 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47167 8.4 - High - June 10, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Object Type Confusion

Jun 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47173 7.8 - High - June 10, 2025

Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.

Improper Restriction of Names for Files and Other Resources

Jun 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47164 8.4 - High - June 10, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Jun 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47162 8.4 - High - June 10, 2025

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

May 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-30386 8.4 - High - May 13, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

May 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-30377 8.4 - High - May 13, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

May 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-29979 7.8 - High - May 13, 2025

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Apr 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-29791 7.8 - High - April 08, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Object Type Confusion

Apr 2025: Microsoft Office Elevation of Privilege Vulnerability
CVE-2025-27744 7.8 - High - April 08, 2025

Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.

Authorization

Apr 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-27745 7.8 - High - April 08, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Apr 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-27746 7.8 - High - April 08, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Apr 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-27748 7.8 - High - April 08, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Apr 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-27749 7.8 - High - April 08, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Apr 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-29820 7.8 - High - April 08, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Apr 2025: Microsoft Word Security Feature Bypass Vulnerability
CVE-2025-29816 7.5 - High - April 08, 2025

Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.

Acceptance of Extraneous Untrusted Data With Trusted Data

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Office 2016 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Office 2016
Product

subscribe