Security Updates for Microsoft Office Products C2R (May 2026)

The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. CVE-2026-40358 - Heap-based buffer overflow in Microsoft Office allows an unauthorized...

CVE-2026-40420

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...

CVE-2026-40418

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...

CVE-2026-35436

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...

EUVD-2026-29677

Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally...

EUVD-2026-29675

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally...

CVE-2026-40420

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...

CVE-2026-40418

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...

CVE-2026-35436

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...

CVE-2026-40420

CVE-2026-40420 : Affected product: Microsoft Office Click-To-Run. Description: Improper access control allows an authorized attacker to elevate privileges locally. The vulnerability is described across multiple sources (NVD, CVE lists) with a high impact score (CVSS 3.1: AV:L/AC:L/PR:L/UI:N/S:C/C...

CVE-2026-40420 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

...

CVE-2026-40420 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

...

CVE-2026-35436

CVE-2026-35436 describes an elevation of privilege vulnerability in Microsoft Office Click-To-Run caused by insufficient granularity of access control. The CVE affects Office Click-To-Run components, enabling an attacker with LOCAL access and LOW privileges, and with NO user interaction, to achie...

CVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

...

CVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

...

CVE-2026-40418

Technical details (affected product, vulnerable component, version, exploit method) are not publicly available in the provided documents. Monitor for updates from official advisories.

CVE-2026-40418 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

...

CVE-2026-40418 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

...

CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

...

CVE-2026-40419

CVE-2026-40419 : A use-after-free vulnerability in Microsoft Office (Click-To-Run) could allow an authorized local attacker to achieve elevation of privilege. The underlying cause is a use-after-free issue in Office components, leading to local privilege escalation. Documented impact is local, wi...