Tag

#Security Vulnerability

CVE-2025-53739: Microsoft Excel Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Microsoft Security Response Center
CVE-2025-53736: Microsoft Word Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

CVE-2025-53733: Microsoft Word Remote Code Execution Vulnerability

Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-53779: Windows Kerberos Elevation of Privilege Vulnerability

**According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?** To successfully exploit this vulnerability, an attacker would need to have elevated access to certain attributes of the dMSA, specifically:

* msds-groupMSAMembership: This attribute allows the user to utilize the dMSA.
* msds-ManagedAccountPrecededByLink: The attacker needs write access to this attribute, which allows them to specify a user that the dMSA can act on behalf of.

CVE-2025-53778: Windows NTLM Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.