Microsoft classified CVE-2026-47290 as a Microsoft Office remote code execution vulnerability even though its CVSS attack vector is Local, because the two labels describe different parts of the attack. Remote code execution describes the attacker’s ability to cause code to run on another...