Word Microsoft Word

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Word.

Recent Microsoft Word Security Advisories

Advisory Title Published
CVE-2026-9079 CVE-2026-9079 stale proxy password leak July 9, 2026
CVE-2026-8926 CVE-2026-8926 password leak with netrc and user in URL July 7, 2026
CVE-2026-14019 Chromium: CVE-2026-14019 Inappropriate implementation in Passwords July 3, 2026
CVE-2026-13937 Chromium: CVE-2026-13937 Insufficient policy enforcement in Passwords July 3, 2026
CVE-2026-14009 Chromium: CVE-2026-14009 Insufficient data validation in Passwords July 3, 2026
CVE-2026-13933 Chromium: CVE-2026-13933 Insufficient policy enforcement in Passwords July 3, 2026
CVE-2026-14050 Chromium: CVE-2026-14050 Insufficient policy enforcement in Passwords July 3, 2026
CVE-2026-14102 Chromium: CVE-2026-14102 Use after free in Passwords July 3, 2026
CVE-2026-13982 Chromium: CVE-2026-13982 Incorrect security UI in Passwords July 3, 2026
CVE-2026-13818 Chromium: CVE-2026-13818 Inappropriate implementation in Passwords July 3, 2026

Known Exploited Microsoft Word Vulnerabilities

The following Microsoft Word vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Microsoft Word Information Disclosure Vulnerability Microsoft Word contains an unspecified vulnerability that allows for information disclosure.
CVE-2023-36761 Exploit Probability: 19.0%
September 12, 2023
Microsoft Word Malformed Object Pointer Vulnerability Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
CVE-2006-2492 Exploit Probability: 48.4%
June 8, 2022
Microsoft Word Remote Code Execution Vulnerability Microsoft Word allows attackers to execute remote code or cause a denial-of-service via crafted RTF data.
CVE-2012-2539 Exploit Probability: 53.2%
March 28, 2022
Microsoft Word Memory Corruption Vulnerability Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution.
CVE-2014-1761 Exploit Probability: 77.7%
February 15, 2022

The vulnerability CVE-2014-1761: Microsoft Word Memory Corruption Vulnerability is in the top 1% of the currently known exploitable vulnerabilities. 3 known exploited Microsoft Word vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 7 vulnerabilities in Microsoft Word with an average score of 7.0 out of ten. Last year, in 2025 Word had 13 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. Last year, the average CVE base score was greater by 0.62




Year Vulnerabilities Average Score
2026 7 7.00
2025 13 7.62
2024 5 7.14
2023 8 7.69
2022 8 6.65
2021 8 7.51
2020 15 7.36
2019 6 7.37
2018 27 8.13

It may take a day or so for new Word vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Word Security Vulnerabilities

Jun 2026: Windows Graphics Component Remote Code Execution Vulnerability
CVE-2026-44812 7.8 - High - June 09, 2026

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

Integer Overflow or Wraparound

Jun 2026: Windows Graphics Component Remote Code Execution Vulnerability
CVE-2026-44803 7.8 - High - June 09, 2026

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

Integer Overflow or Wraparound

Jun 2026: Office for Android Spoofing Vulnerability
CVE-2026-45649 7.1 - High - June 09, 2026

Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.

Authorization

May 2026: Microsoft Office Spoofing Vulnerability
CVE-2026-42832 7.7 - High - May 12, 2026

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

Authorization

May 2026: Microsoft Word for Android Spoofing Vulnerability
CVE-2026-41101 7.1 - High - May 12, 2026

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

Authorization

May 2026: Microsoft 365 Copilot for Android Spoofing Vulnerability
CVE-2026-41100 4.4 - Medium - May 12, 2026

Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.

Authorization

Mar 2026: M365 Copilot Information Disclosure Vulnerability
CVE-2026-26133 7.1 - High - March 13, 2026

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Command Injection

Aug 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-53733 8.4 - High - August 12, 2025

Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Incorrect Conversion between Numeric Types

Aug 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-53738 7.8 - High - August 12, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Aug 2025: Microsoft Word Information Disclosure Vulnerability
CVE-2025-53736 6.8 - Medium - August 12, 2025

Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Buffer Over-read

Jul 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-49703 7.8 - High - July 08, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Jul 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-49698 7.8 - High - July 08, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Jul 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49699 7 - High - July 08, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Jul 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-49700 7.8 - High - July 08, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Jun 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-47168 7.8 - High - June 10, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Jun 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-47169 7.8 - High - June 10, 2025

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Apr 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-27747 7.8 - High - April 08, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

Apr 2025: Microsoft Word Security Feature Bypass Vulnerability
CVE-2025-29816 7.5 - High - April 08, 2025

Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.

Acceptance of Extraneous Untrusted Data With Trusted Data

Mar 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-24078 7 - High - March 11, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Mar 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-24079 7.8 - High - March 11, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Microsoft Word Library Injection Vulnerability on macOS
CVE-2024-41165 7.1 - High - December 18, 2024

A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

Improper Verification of Cryptographic Signature

Dec 2024: Microsoft Office Remote Code Execution Vulnerability
CVE-2024-49065 5.5 - Medium - December 12, 2024

Microsoft Office Remote Code Execution Vulnerability

Out-of-bounds Read

Microsoft Word Security Feature Bypass Vulnerability
CVE-2024-49033 7.5 - High - November 12, 2024

Microsoft Word Security Feature Bypass Vulnerability

Improper Input Validation

Microsoft Word RCE via Malformed Document (CVE-2024-21379)
CVE-2024-21379 7.8 - High - February 13, 2024

Microsoft Word Remote Code Execution Vulnerability

Microsoft Office RCE via Office Component
CVE-2024-20673 7.8 - High - February 13, 2024

Microsoft Office Remote Code Execution Vulnerability

Microsoft Word Info Disclosure (CVE-2023-36009)
CVE-2023-36009 5.5 - Medium - December 12, 2023

Microsoft Word Information Disclosure Vulnerability

Sep 2023: Microsoft Word Information Disclosure Vulnerability
CVE-2023-36761 6.5 - Medium - September 12, 2023

Microsoft Word Information Disclosure Vulnerability

Improper Input Validation

Sep 2023: Microsoft Word Remote Code Execution Vulnerability
CVE-2023-36762 7.3 - High - September 12, 2023

Microsoft Word Remote Code Execution Vulnerability

Improper Input Validation

Jul 2023: Windows Search Remote Code Execution Vulnerability
CVE-2023-36884 7.5 - High - July 11, 2023

Windows Search Remote Code Execution Vulnerability

Race Condition

Microsoft Office Security Feature Bypass Vulnerability
CVE-2023-33150 9.6 - Critical - July 11, 2023

Microsoft Office Security Feature Bypass Vulnerability

Microsoft Word Security Feature Bypass Vulnerability
CVE-2023-29335 7.5 - High - May 09, 2023

Microsoft Word Security Feature Bypass Vulnerability

Microsoft Word Remote Code Execution (RCE) Vulnerability
CVE-2023-28311 7.8 - High - April 11, 2023

Microsoft Word Remote Code Execution Vulnerability

Microsoft Word RCE via Vulnerable Component
CVE-2023-21716 9.8 - Critical - February 14, 2023

Microsoft Word Remote Code Execution Vulnerability

Microsoft Word Info Disclosure via Malformed File
CVE-2022-41060 5.5 - Medium - November 09, 2022

Microsoft Word Information Disclosure Vulnerability

MS Word RCE via Malicious OLE File
CVE-2022-41061 7.8 - High - November 09, 2022

Microsoft Word Remote Code Execution Vulnerability

Microsoft Word Info Disclosure Vulnerability
CVE-2022-41103 5.5 - Medium - November 09, 2022

Microsoft Word Information Disclosure Vulnerability

Microsoft Word RCE via RTF Untrusted Input
CVE-2022-41031 7.8 - High - October 11, 2022

Microsoft Word Remote Code Execution Vulnerability

Microsoft Office Security Feature Bypass Vulnerability
CVE-2022-29107 5.5 - Medium - May 10, 2022

Microsoft Office Security Feature Bypass Vulnerability

Windows Graphics Component Remote Code Execution Vulnerability
CVE-2022-26903 7.8 - High - April 15, 2022

Windows Graphics Component Remote Code Execution Vulnerability

Microsoft Office Word Tampering Vulnerability
CVE-2022-24511 5.5 - Medium - March 09, 2022

Microsoft Office Word Tampering Vulnerability

Microsoft Word Remote Code Execution Vulnerability
CVE-2022-21842 7.8 - High - January 11, 2022

Microsoft Word Remote Code Execution Vulnerability

Microsoft Word Remote Code Execution Vulnerability
CVE-2021-40486 7.8 - High - October 13, 2021

Microsoft Word Remote Code Execution Vulnerability

Microsoft Word Remote Code Execution Vulnerability
CVE-2021-34452 7.8 - High - July 16, 2021

Microsoft Word Remote Code Execution Vulnerability

Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2021-31180 7.8 - High - May 11, 2021

Microsoft Office Graphics Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability
CVE-2021-31177 7.8 - High - May 11, 2021

Microsoft Office Remote Code Execution Vulnerability

Dangling pointer

Microsoft Office Information Disclosure Vulnerability
CVE-2021-31178 5.5 - Medium - May 11, 2021

Microsoft Office Information Disclosure Vulnerability

Integer underflow

Microsoft Word Remote Code Execution Vulnerability
CVE-2021-28453 7.8 - High - April 13, 2021

Microsoft Word Remote Code Execution Vulnerability

Jan 2021: Microsoft Word Remote Code Execution Vulnerability
CVE-2021-1715 7.8 - High - January 12, 2021

Microsoft Word Remote Code Execution Vulnerability

Jan 2021: Microsoft Word Remote Code Execution Vulnerability
CVE-2021-1716 7.8 - High - January 12, 2021

Microsoft Word Remote Code Execution Vulnerability

Nov 2020: Microsoft Word Security Feature Bypass Vulnerability
CVE-2020-17020 3.3 - Low - November 11, 2020

Microsoft Word Security Feature Bypass Vulnerability

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Word or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe