#rce

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to execute code locally.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click a specially crafted button for the attacker to successfully exploit the vulnerability.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.