Office Spoofing Vulnerability Allows Attackers to Execute Malicious Code
Key Information
- Vendor
- Microsoft
- Status
- Microsoft Office 2019
- Microsoft 365 Apps For Enterprise
- Microsoft Office Ltsc 2021
- Microsoft Office 2016
- Vendor
- CVE Published:
- 12 August 2024
Badges
Summary
The Office Spoofing Vulnerability (CVE-2024-38200) has been discovered and exploited in Microsoft Office 2016, Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, and Microsoft Office 2019. It is a zero-day flaw that allows unauthorized disclosure of sensitive information when successfully exploited. The exploit can be enacted through a specially crafted file hosted on a compromised or attacking website, and would generally require user interaction to be successful. A patch is expected on August 13, but a mitigation solution has been identified and implemented. Microsoft is also working on addressing two other zero-day vulnerabilities. This could be part of a larger trend of zero-day exploits targeting Microsoft software, underscoring the importance of timely patching and security awareness.
Affected Version(s)
Microsoft Office 2019 < 19.0.0
Microsoft 365 Apps for Enterprise < 16.0.1
Microsoft Office LTSC 2021 < 16.0.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
PoC Exploit Released for Microsoft Office 0-day Flaw - CVE-2024-38200
Security researchers have released a proof-of-concept (PoC) exploit for the recently disclosed Microsoft Office vulnerability CVE-2024-38200, which could allow attackers to capture users' NTLMv2 hashes.
4 days ago
Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unpatched MS Office flaw may leak NTLM hashes to
2 months ago
Microsoft Issues Warning For MS Office Users: Critical Security Vulnerability Spotted, Update To Be Rolled Out Today
The vulnerability, designated as CVE-2024-38200, has been assigned a severity rating of 7.5 on the Common Vulnerability Scoring System (CVSS) scale.
2 months ago
CVSS V3.1
Timeline
- 👾
Exploit exists.
Risk change from: 7.5 to: 6.5 - (MEDIUM)
Vulnerability published.
First article discovered by News.de
Vulnerability Reserved.