Word Microsoft Word

  1. Vendors
  2. Microsoft
  3. Word

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Word.

Recent Microsoft Word Security Advisories

Advisory Title Published
CVE-2026-13034 Chromium: CVE-2026-13034 Inappropriate implementation in Passwords June 27, 2026
CVE-2026-12458 CVE-2026-12458 Incorrect security UI in Passwords June 19, 2026
CVE-2026-12446 CVE-2026-12446 Insufficient data validation in Passwords June 19, 2026
CVE-2026-54411 CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repea June 16, 2026
CVE-2026-11696 Chromium: CVE-2026-11695 Inappropriate implementation in Passwords June 16, 2026
CVE-2026-11690 Chromium: CVE-2026-11689 Insufficient validation of untrusted input in Passwords June 16, 2026
CVE-2026-42766 CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption June 13, 2026
CVE-2026-9076 CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption June 13, 2026
CVE-2026-45458 CVE-2026-45458 Microsoft Outlook and Word Remote Code Execution Vulnerability June 9, 2026
CVE-2026-45466 CVE-2026-45466 Microsoft Word Information Disclosure Vulnerability June 9, 2026

Known Exploited Microsoft Word Vulnerabilities

The following Microsoft Word vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Microsoft Word Information Disclosure Vulnerability Microsoft Word contains an unspecified vulnerability that allows for information disclosure.
CVE-2023-36761 Exploit Probability: 19.0% 		September 12, 2023
Microsoft Word Malformed Object Pointer Vulnerability Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
CVE-2006-2492 Exploit Probability: 48.4% 		June 8, 2022
Microsoft Word Remote Code Execution Vulnerability Microsoft Word allows attackers to execute remote code or cause a denial-of-service via crafted RTF data.
CVE-2012-2539 Exploit Probability: 53.2% 		March 28, 2022
Microsoft Word Memory Corruption Vulnerability Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution.
CVE-2014-1761 Exploit Probability: 77.7% 		February 15, 2022

The vulnerability CVE-2014-1761: Microsoft Word Memory Corruption Vulnerability is in the top 1% of the currently known exploitable vulnerabilities. 3 known exploited Microsoft Word vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 7 vulnerabilities in Microsoft Word with an average score of 7.0 out of ten. Last year, in 2025 Word had 13 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Word in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.62




Year Vulnerabilities Average Score
2026 7 7.00
2025 13 7.62
2024 5 7.14
2023 8 7.69
2022 8 6.65
2021 8 7.51
2020 15 7.36
2019 6 7.37
2018 27 8.13

It may take a day or so for new Word vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Word Security Vulnerabilities

Jun 2026: Windows Graphics Component Remote Code Execution Vulnerability
CVE-2026-44812 7.8 - High - June 09, 2026

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

Integer Overflow or Wraparound

Jun 2026: Windows Graphics Component Remote Code Execution Vulnerability
CVE-2026-44803 7.8 - High - June 09, 2026

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

Integer Overflow or Wraparound

Jun 2026: Office for Android Spoofing Vulnerability
CVE-2026-45649 7.1 - High - June 09, 2026

Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.

Authorization

May 2026: Microsoft Office Spoofing Vulnerability
CVE-2026-42832 7.7 - High - May 12, 2026

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

Authorization

May 2026: Microsoft Word for Android Spoofing Vulnerability
CVE-2026-41101 7.1 - High - May 12, 2026

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

Authorization

May 2026: Microsoft 365 Copilot for Android Spoofing Vulnerability
CVE-2026-41100 4.4 - Medium - May 12, 2026

Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.

Authorization

Mar 2026: M365 Copilot Information Disclosure Vulnerability
CVE-2026-26133 7.1 - High - March 13, 2026

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Command Injection

Aug 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-53733 8.4 - High - August 12, 2025

Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Incorrect Conversion between Numeric Types

Aug 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-53738 7.8 - High - August 12, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Aug 2025: Microsoft Word Information Disclosure Vulnerability
CVE-2025-53736 6.8 - Medium - August 12, 2025

Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Buffer Over-read

Jul 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-49703 7.8 - High - July 08, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Jul 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-49698 7.8 - High - July 08, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Jul 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49699 7 - High - July 08, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Jul 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-49700 7.8 - High - July 08, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Jun 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-47168 7.8 - High - June 10, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Jun 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-47169 7.8 - High - June 10, 2025

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Apr 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-27747 7.8 - High - April 08, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

Apr 2025: Microsoft Word Security Feature Bypass Vulnerability
CVE-2025-29816 7.5 - High - April 08, 2025

Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.

Acceptance of Extraneous Untrusted Data With Trusted Data

Mar 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-24078 7 - High - March 11, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Mar 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-24079 7.8 - High - March 11, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Microsoft Word Library Injection Vulnerability on macOS
CVE-2024-41165 7.1 - High - December 18, 2024

A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

Improper Verification of Cryptographic Signature

Dec 2024: Microsoft Office Remote Code Execution Vulnerability
CVE-2024-49065 5.5 - Medium - December 12, 2024

Microsoft Office Remote Code Execution Vulnerability

Out-of-bounds Read

Microsoft Word Security Feature Bypass Vulnerability
CVE-2024-49033 7.5 - High - November 12, 2024

Microsoft Word Security Feature Bypass Vulnerability

Improper Input Validation

Microsoft Word RCE via Malformed Document (CVE-2024-21379)
CVE-2024-21379 7.8 - High - February 13, 2024

Microsoft Word Remote Code Execution Vulnerability

Microsoft Office RCE via Office Component
CVE-2024-20673 7.8 - High - February 13, 2024

Microsoft Office Remote Code Execution Vulnerability

Microsoft Word Info Disclosure (CVE-2023-36009)
CVE-2023-36009 5.5 - Medium - December 12, 2023

Microsoft Word Information Disclosure Vulnerability

Sep 2023: Microsoft Word Information Disclosure Vulnerability
CVE-2023-36761 6.5 - Medium - September 12, 2023

Microsoft Word Information Disclosure Vulnerability

Improper Input Validation

Sep 2023: Microsoft Word Remote Code Execution Vulnerability
CVE-2023-36762 7.3 - High - September 12, 2023

Microsoft Word Remote Code Execution Vulnerability

Improper Input Validation

Jul 2023: Windows Search Remote Code Execution Vulnerability
CVE-2023-36884 7.5 - High - July 11, 2023

Windows Search Remote Code Execution Vulnerability

Race Condition

Microsoft Office Security Feature Bypass Vulnerability
CVE-2023-33150 9.6 - Critical - July 11, 2023

Microsoft Office Security Feature Bypass Vulnerability

Microsoft Word Security Feature Bypass Vulnerability
CVE-2023-29335 7.5 - High - May 09, 2023

Microsoft Word Security Feature Bypass Vulnerability

Microsoft Word Remote Code Execution (RCE) Vulnerability
CVE-2023-28311 7.8 - High - April 11, 2023

Microsoft Word Remote Code Execution Vulnerability

Microsoft Word RCE via Vulnerable Component
CVE-2023-21716 9.8 - Critical - February 14, 2023

Microsoft Word Remote Code Execution Vulnerability

Microsoft Word Info Disclosure via Malformed File
CVE-2022-41060 5.5 - Medium - November 09, 2022

Microsoft Word Information Disclosure Vulnerability

MS Word RCE via Malicious OLE File
CVE-2022-41061 7.8 - High - November 09, 2022

Microsoft Word Remote Code Execution Vulnerability

Microsoft Word Info Disclosure Vulnerability
CVE-2022-41103 5.5 - Medium - November 09, 2022

Microsoft Word Information Disclosure Vulnerability

Microsoft Word RCE via RTF Untrusted Input
CVE-2022-41031 7.8 - High - October 11, 2022

Microsoft Word Remote Code Execution Vulnerability

Microsoft Office Security Feature Bypass Vulnerability
CVE-2022-29107 5.5 - Medium - May 10, 2022

Microsoft Office Security Feature Bypass Vulnerability

Windows Graphics Component Remote Code Execution Vulnerability
CVE-2022-26903 7.8 - High - April 15, 2022

Windows Graphics Component Remote Code Execution Vulnerability

Microsoft Office Word Tampering Vulnerability
CVE-2022-24511 5.5 - Medium - March 09, 2022

Microsoft Office Word Tampering Vulnerability

Microsoft Word Remote Code Execution Vulnerability
CVE-2022-21842 7.8 - High - January 11, 2022

Microsoft Word Remote Code Execution Vulnerability

Microsoft Word Remote Code Execution Vulnerability
CVE-2021-40486 7.8 - High - October 13, 2021

Microsoft Word Remote Code Execution Vulnerability

Microsoft Word Remote Code Execution Vulnerability
CVE-2021-34452 7.8 - High - July 16, 2021

Microsoft Word Remote Code Execution Vulnerability

Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2021-31180 7.8 - High - May 11, 2021

Microsoft Office Graphics Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability
CVE-2021-31177 7.8 - High - May 11, 2021

Microsoft Office Remote Code Execution Vulnerability

Dangling pointer

Microsoft Office Information Disclosure Vulnerability
CVE-2021-31178 5.5 - Medium - May 11, 2021

Microsoft Office Information Disclosure Vulnerability

Integer underflow

Microsoft Word Remote Code Execution Vulnerability
CVE-2021-28453 7.8 - High - April 13, 2021

Microsoft Word Remote Code Execution Vulnerability

Jan 2021: Microsoft Word Remote Code Execution Vulnerability
CVE-2021-1715 7.8 - High - January 12, 2021

Microsoft Word Remote Code Execution Vulnerability

Jan 2021: Microsoft Word Remote Code Execution Vulnerability
CVE-2021-1716 7.8 - High - January 12, 2021

Microsoft Word Remote Code Execution Vulnerability

Nov 2020: Microsoft Word Security Feature Bypass Vulnerability
CVE-2020-17020 3.3 - Low - November 11, 2020

Microsoft Word Security Feature Bypass Vulnerability

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Word or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Word
Product

subscribe