#rce

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally.

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

**According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?** A remote (AV:N) attacker could create a specially crafted GitHub issue within a user's repository. To exploit this, the user must enable a particular mode on the attacker’s crafted issue, which would execute the issue’s description and enable remote code execution by the attacker.

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.

**According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?** Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.