local code execution

Microsoft’s Security Update Guide lists CVE-2025-54910 as a heap-based buffer overflow in Microsoft Office that can allow an attacker to execute code locally when a crafted Office document is processed, but the vendor’s advisory requires direct inspection for exact builds and KB identifiers...

Microsoft has published an advisory for CVE-2025-54900, a heap‑based buffer overflow in Microsoft Excel that can allow an attacker to execute code on a victim machine when a crafted spreadsheet is opened — an issue administrators and home users should treat as high priority for patching and...

Microsoft's advisory confirms a use‑after‑free flaw in Microsoft Excel that can lead to local code execution when a specially crafted spreadsheet is opened, creating a potentially serious escalation path on unpatched systems. Overview This vulnerability, tracked as CVE‑2025‑54904, is listed in...

Siemens’ Simcenter Femap has received a fresh security spotlight: two file‑parsing vulnerabilities that allow local code execution when a user opens specially crafted STP or BMP files, and Siemens has published fixed versions while U.S. authorities have republished the advisory for awareness...

Microsoft’s Security Response Center has cataloged CVE-2025-53731 as a memory corruption vulnerability in Microsoft Office — a use-after-free bug that can allow an attacker to execute code locally on an affected system when a specially crafted Office file is processed. The advisory classifies...

Microsoft has published a security advisory for CVE-2025-53730, a use‑after‑free vulnerability in Microsoft Office Visio that Microsoft describes as allowing an unauthorized attacker to execute code locally when a specially crafted Visio file is opened. Background Microsoft Visio is a widely...

A series of newly discovered vulnerabilities in Rockwell Automation’s Arena simulation software have jolted the industrial software ecosystem, underscoring the persistent security challenges faced by critical manufacturing sectors worldwide. Carrying a high CVSS v4 base score of 8.4, these...

Microsoft Office, a mainstay of productivity environments worldwide, has once again come under scrutiny due to the emergence of a critical security vulnerability identified as CVE-2025-30377. This recently disclosed flaw is described as a “use-after-free” vulnerability, which allows unauthorized...

A Fresh Threat on the Horizon In a chilling reminder that no piece of software is truly immune, cybersecurity experts have recently highlighted CVE-2025-26642—a vulnerability in Microsoft Office that has raised alarm bells. This out-of-bounds read flaw, if exploited, has the potential to allow...

In a recent advisory, a critical vulnerability (CVE-2025-24985) has been identified in the Windows Fast FAT File System Driver. The flaw, triggered by an integer overflow or wraparound condition, could enable an attacker to execute code by exploiting the vulnerable driver. Although the...

A critical vulnerability has emerged in Microsoft Word—documented as CVE-2025-24077—that merits the immediate attention of Windows users and system administrators alike. This use after free flaw, inherent in the memory management of Microsoft Office Word, can potentially allow an unauthorized...

In today’s ever-evolving cybersecurity landscape, even our most trusted productivity tools can harbor hidden dangers. A new vulnerability—CVE-2025-24075—targets Microsoft Office Excel, exploiting a stack-based buffer overflow that enables an unauthorized attacker to execute code locally on the...

A freshly disclosed vulnerability in Microsoft Office has caught the attention of the cybersecurity community. Tagged CVE-2025-24057, this issue arises from a heap-based buffer overflow—a classic memory management blunder—that could allow an unauthorized attacker to execute code locally on an...

A newly identified vulnerability in Microsoft Office Word—registered as CVE-2025-24078—has emerged as a critical security concern for Windows users. This use-after-free flaw in Word can allow unauthorized attackers to execute code locally, underscoring the need for a rigorous approach to patch...

Microsoft Access has long been a cornerstone for database solutions in many organizations, but even trusted, longstanding applications aren't immune to emerging security threats. The latest vulnerability, CVE-2025-26630, highlights a use-after-free flaw in Microsoft Office Access that may allow...

Microsoft Word’s Use-After-Free Vulnerability: A Deep Dive into CVE-2025-24079 In our fast-evolving digital world, where new features and performance enhancements often come hand-in-hand with hidden security risks, a recent vulnerability in Microsoft Office Word has captured the attention of...

The discovery of CVE-2025-21180 serves as a stark reminder that even the most fundamental components of our operating systems can harbor critical vulnerabilities. This particular flaw—a heap-based buffer overflow in the Windows exFAT file system—could allow a local attacker to execute arbitrary...