ZDI-26-293: (0Day) Microsoft Office URI Handler NTLM Response Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose NTLM responses on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 4.3.
ORIGINAL SOURCE →via Zero Day Initiative
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Mantle proposes up to 30,000 ETH loan to address Aave bad debt from Kelp exploit
- [CYBER] Mantle proposes up to 30,000 ETH loan to address Aave bad debt from Kelp exploit - The Block
- [CYBER] CVE-2026-1952 - Denial of service via the undocumented subfunction in AS320T
- [CYBER] CVE-2026-1951 - No checking of the length of the buffer with the directory name in AS320T
- [CYBER] CVE-2026-1950 - No checking of the length of the buffer with the file name in AS320T
- [CYBER] Python Vulnerability Enables Out-of-Bounds Write on Windows