#auth

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** The attacker, initially a non-admin user on the host, could hijack the PowerShell Direct session intended for communication between the admin user on host and a guest VM. This unauthorized access enables the attacker to impersonate the admin host user in communications with the guest, potentially manipulating or controlling guest-side operations.