CNNVD-202507-1120 Information

Jul 08, 2025 cve

CNNVD ID

CNNVD-202507-1120

CVE-2025-49695

  • CNNVD Published: 2025-07-08

Description (Chinese)

Microsoft Office是美国微软(Microsoft)公司的一款办公软件套件产品。该产品常用组件包括Word、Excel、Access、Powerpoint、FrontPage等。 Microsoft Office存在资源管理错误漏洞。攻击者利用该漏洞可以远程执行代码。以下产品和版本受到影响:Microsoft Office 2019 for 32-bit editions,Microsoft Office 2019 for 64-bit editions,Microsoft 365 Apps for Enterprise for 32-bit Systems,Microsoft 365 Apps for Enterprise for 64-bit Systems,Microsoft Office LTSC for Mac 2021,Microsoft Office LTSC 2021 for 64-bit editions,Microsoft Office LTSC 2021 for 32-bit editions,Microsoft Office for Android,Microsoft Office LTSC 2024 for 32-bit editions,Microsoft Office LTSC 2024 for 64-bit editions,Microsoft Office LTSC for Mac 2024,Microsoft Office 2016 (32-bit edition),Microsoft Office 2016 (64-bit edition)。

Description (English)

Microsoft Office is an office software package product for Microsoft (USA). Common components of the product include Word, Excel, Access, PowerPoint, FrontPage, etc. Microsoft Office has an error in resource management. The attackers used the loophole to implement the code remotely. The following products and versions are affected: Microsoft Office 2019 for 32-bit effects, Microsoft Office 2019 for 64-bit effects, Microsoft Apps for Enterprise for 32-bit Systems, Microsoft Apps for Enterprise for 64-bit Systems, Microsoft Office LTSC for Mac 2021, Microsoft Office LTSC for 64-bit effects, Microsoft Office Office 2021 for 32-bit effects, Microsoft Office Office Orders Androids for Office Systems, 2024 for Office Services Ltds, Microsoft Office for Staff Orders 2024 for 64-bit edictions, Microsoft Office Liechtenstein 2016 32-bit effects, Office Office Offices for Office Services Ltd., 2024 for Office Services Ltd., Microsoft Office for Office Services Ltd. 2024 for 64-bit Ltd. for 64-bit Editions, Microsoft Office for Mac 2024, Microsoft Office 201632-Offices, Office Offices, Office Office Offices 2032-bies, Office Offices, 2024 for Office Offices 2064-b.

Hazard Level

Medium

Vulnerability Type

资源管理错误

Affected Vendor

微软

Published

2025-07-08

Last Modified

2026-02-24

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49695

Patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49695

Share on: