#rce

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.

Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.