cve-2026-45471

CVE-2026-45471 is a Microsoft Word remote code execution vulnerability that has generated discussion on WindowsForum.com due to its unusual CVSS classification. Although Microsoft labels it as remote code execution, the CVSS attack vector is local. This distinction arises because the attacker may be remote, but the vulnerable code must be triggered locally on the victim's machine, typically when a user opens a malicious document. The tag covers community analysis of this discrepancy, explaining how Office vulnerabilities often involve an attacker sending a document from elsewhere, while the dangerous execution path occurs inside Word after the file is opened or previewed. Discussions focus on the technical nuance between attacker geography and exploit mechanics.