Remote Code Execution Vulnerability Affects Microsoft Excel
CVE-2024-38170

7.1HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc For Mac 2021
Vendor: CVE Published:; 13 August 2024

Summary

A vulnerability in Microsoft Excel allows attackers to execute arbitrary code on a user's system through specially crafted spreadsheet files. This can lead to unauthorized access and manipulation of data, posing significant risks to users and organizations. It is essential for all users of affected versions of Microsoft Excel to apply the necessary security updates provided by Microsoft to protect themselves from potential exploitation. For detailed guidance and updates, refer to the official advisory.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office LTSC for Mac 2021 Unknown 16.0.1 < 16.88.24081116

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

EPSS Score

0% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Jun 11, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed