ZDI-26-293: (0Day) Microsoft Office URI Handler NTLM Response Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose NTLM responses on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 4.3.
ORIGINAL SOURCE →via Zero Day Initiative
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Lauren Bonvini on Building Confidence Through a More Practical Approach to Stage Fright
- [CYBER] The Ungoverned Workforce: Cybersecurity Insiders Finds 92% Lack Visibility Into AI Identities
- [CYBER] After the Kelp hack, TVL in DeFi faced a liquidity outflow - Coinspot.io
- [CYBER] Trojanized Android App Fuels New Wave of NFC Fraud
- [CYBER] Ransomware negotiator pleads guilty to helping ransomware gang
- [CYBER] CVE-2026-40565 - FreeScout has Stored XSS / CSS Injection via linkify() — Unescaped URL in Anchor href