use-after-free

Microsoft has confirmed a use‑after‑free vulnerability in Microsoft Office Visio — tracked as CVE‑2025‑53734 — that can be triggered when a user opens a specially crafted Visio file and may allow an attacker to execute code in the context of the current user; Microsoft’s advisory entry is live...

Microsoft has confirmed a use‑after‑free vulnerability in Microsoft Excel (tracked as CVE‑2025‑53735) that can lead to local code execution when a crafted spreadsheet is opened — a serious document‑based attack vector that demands immediate attention from IT teams and security‑minded users...

Microsoft’s Security Response Center has cataloged CVE-2025-53731 as a memory corruption vulnerability in Microsoft Office — a use-after-free bug that can allow an attacker to execute code locally on an affected system when a specially crafted Office file is processed. The advisory classifies...

CVE-2025-48000 (note on numbering) — Windows Connected Devices Platform Service: use‑after‑free Elevation‑of‑Privilege Subtitle: Patch now — local authenticated attackers can escalate to SYSTEM via CDPSvc memory corruption Byline: Jane Doe — Senior Security Reporter, WindowsForum.com Short...

Microsoft’s Security Update Guide entry for CVE-2025-53718 describes a use‑after‑free (UAF) flaw in the Windows Ancillary Function Driver for WinSock (AFD.sys) that can be triggered by a locally authorized user to obtain elevated privileges on affected Windows hosts — a kernel‑level...

Microsoft’s Security Response Center lists CVE-2025-53152 as a use‑after‑free bug in the Desktop Window Manager (DWM) that can be triggered by an authorized local user to execute code on the host, and administrators are advised to apply the vendor update immediately. (msrc.microsoft.com)...

Microsoft’s Security Update Guide lists CVE‑2025‑53151 as a use‑after‑free vulnerability in the Windows kernel that can be abused by an authorized local user to elevate privileges on an affected system, and Microsoft’s published advisory directs administrators to install the supplied security...

A use‑after‑free vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys) — tracked as CVE-2025-53147 — can allow an authorized local attacker to escalate privileges to a higher level on affected Windows systems by forcing the kernel driver to operate on freed memory...

Microsoft’s Security Response Center has published an advisory for CVE‑2025‑53140, a use‑after‑free vulnerability in the Windows Kernel Transaction Manager (KTM) that Microsoft says can be exploited by an authorized local attacker to elevate privileges on an affected system. (msrc.microsoft.com)...

A use‑after‑free vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys), tracked as CVE-2025-53137, can be abused by an authorized local user to escalate privileges to SYSTEM on affected Windows hosts — a high‑impact kernel vulnerability that follows a string of similar AFD...

Urgent: What we know (and don’t) about CVE‑2025‑50177 — a reported MSMQ use‑after‑free RCE Author: [Your Name], Windows Forum security desk Date: August 12, 2025 Executive summary A Microsoft Security Response Center (MSRC) entry (vulnerability page for CVE‑2025‑50177) is being cited as...

Microsoft’s security advisory confirms a use-after-free flaw in the Remote Access Point-to-Point Protocol (PPP) EAP-TLS implementation that can allow an authorized local attacker to elevate privileges on affected Windows systems, and administrators must treat this as a priority patching and...

Quick clarification before I start the full article (I want to be accurate): I tried to look up CVE-2025-50153 at the Microsoft Security Update Guide URL you provided, but the MSRC page requires JavaScript and I couldn't extract a plain-text advisory from that exact link. (msrc.microsoft.com) I...

A use‑after‑free bug in the Windows kernel has been reported under the identifier CVE‑2025‑49761 and is described by Microsoft as an elevation‑of‑privilege vulnerability that can allow a local, authorized attacker to gain SYSTEM privileges; administrators should treat the advisory as urgent and...

Title: CVE-2025-53761 — Use‑After‑Free in Microsoft PowerPoint (Local Code Execution) — What defenders need to know now Summary (TL;DR) Microsoft lists CVE-2025-53761 as a use‑after‑free vulnerability in Microsoft Office PowerPoint that “allows an unauthorized attacker to execute code locally.”...

Microsoft has published a security advisory for CVE-2025-53730, a use‑after‑free vulnerability in Microsoft Office Visio that Microsoft describes as allowing an unauthorized attacker to execute code locally when a specially crafted Visio file is opened. (msrc.microsoft.com) Background Microsoft...

CVE-2025-7657 is a high-severity vulnerability identified as a use-after-free issue in the WebRTC component of Google Chrome versions prior to 138.0.7204.157. This flaw allows remote attackers to potentially exploit heap corruption by enticing users to visit a maliciously crafted HTML page...

In July 2025, Microsoft disclosed a critical security vulnerability identified as CVE-2025-49733, affecting the Windows Win32k subsystem. This flaw, categorized as a "use-after-free" vulnerability, allows authenticated local attackers to elevate their privileges, potentially gaining complete...

A newly disclosed vulnerability, CVE-2025-49725, has brought fresh scrutiny to the Windows notification system, spotlighting once again how seemingly innocuous components can become gateways for elevated attacks. This particular flaw, described as a “use after free” in Windows Notification...

CVE-2025-49700: Microsoft Word Remote Code Execution via Use-After-Free Summary: CVE-2025-49700 is a critical "use-after-free" vulnerability in Microsoft Office Word that allows unauthorized local code execution. It is exploitable through a manipulated Word document crafted to trigger the memory...