Library Injection Vulnerability in Microsoft Teams for macOS Systems
CVE-2024-42004

7.1HIGH

Key Information:

Vendor: Microsoft
Vendor: CVE Published:; 18 December 2024

Summary

CVE-2024-42004 presents a significant library injection vulnerability within Microsoft Teams specifically for the macOS platform, version 24046.2813.2770.1094. This flaw allows attackers to exploit Teams's elevated access privileges by utilizing a specially crafted library. As a result, malicious applications can inject this library into Teams, enabling them to bypass permission restrictions and execute unauthorized actions using the application’s privileges. Such a vulnerability exposes users to potential data breaches and unauthorized access, making it crucial for users to apply security updates and adhere to best practices for safeguarding their systems.

References

https://talosintelligence.com/vulnerability_reports/TALOS...

https://www.talosintelligence.com/vulnerability_reports/T...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 18, 2024

Collectors

NVD Database