Microsoft Word Remote Code Execution Vulnerability
CVE-2024-21379

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc 2021; Microsoft Word 2016
Vendor: CVE Published:; 13 February 2024

Summary

A vulnerability exists in Microsoft Word that may allow an attacker to execute arbitrary code on a user's system. This occurs when a specially crafted document is opened by the affected version of the application. Successful exploitation of this vulnerability may enable an attacker to take control of the affected system, allowing them to install programs, view, change or delete data, or create new accounts with full user rights. Users of Microsoft Word are urged to apply the recommended updates to mitigate the risk associated with this security flaw.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2019 32-bit Systems 19.0.0

Microsoft Office LTSC 2021 x64-based Systems 16.0.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Dec 8, 2023

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed