CVE

CVE Diary

CVE-2025-21363

2025.03.04

# SummaryOS: window 10/11TARGET: msoffice winword.exeTYPE: Microsoft Word Remote Code Execution Vulnerability # DescriptionThis vulnerability was discovered during the process of parsing the .docx file structure in the WINWORD.EXE program.By exploiting this vulnerability, attacker can control the IP register by referencing an arbitrary heap chunk. # AnalysisA function allocates and frees a sma..

CVE Diary

CVE-2025-21298

2025.03.04

# SummaryOS: Window 7/10/11TARGET: msoffice winword.exe / windowTYPE: Windows OLE Remote Code Execution Vulnerability # DescriptionThis vulnerability can occur in M365 product lines that support OleObject insertion .This vulnerability allows the same object to be released twice, potentially invoking a function at an arbitrary address. # AnalysisBelow is an excerpt of the code at the time the v..

CVE-2025-21363

CVE-2025-21298

티스토리툴바