CVE-2026-50467 - Microsoft Office Remote Code Execution Vulnerability is a use-after-free issue in Microsoft Office that can lead to remote code execution. The CVSS v3.1 base score is 7.8 (High) with a temporal score of 6.8; the vector is LOCAL, requires no privileges, but does require user interaction. Microsoft indicates it is not publicly disclosed, not exploited, and exploit code maturity is UNPROVEN. The FAQ states an attacker must send a malicious Office file and convince the user to open it; the Preview Pane is also an attack vector. Because the attack is local/user-assisted rather than network-based, enterprise risk is higher for environments where users routinely open untrusted Office content, but lower than a remotely reachable, no-interaction flaw. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impact. - Exploitation likelihood: Exploitation Less Likely; vector context is LOCAL with LOW attack complexity, NO privileges required, and UI required. - Severity for enterprise: High technical severity, but real-world risk is constrained by the local/user-interaction requirement. Phishing-style delivery via malicious Office files is relevant, including Preview Pane exposure. - Patch status: available Affected systems: - Not listed in product_tree.