Jun 2026: Microsoft Outlook and Word Remote Code Execution Vulnerability
CVE-2026-47635 Published on June 9, 2026
Microsoft Outlook and Word Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Weakness Type
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Products Associated with CVE-2026-47635
Want to know whenever a new CVE is published for Microsoft Office 2024? stack.watch will email you.
Affected Versions
Microsoft Office LTSC 2024:- Version 16.0.0 and below https://aka.ms/OfficeSecurityReleases is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.