Microsoft’s CVE naming can look contradictory at a glance: a Microsoft Office entry labeled “Remote Code Execution” while its CVSS vector reads AV:L (Local). That apparent mismatch is not a mistake — it’s a product of two separate, sensible conventions colliding: one is a vendor‑level...