Microsoft Office Remote Code Execution Vulnerability
CVE-2024-43616

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc 2021; Microsoft Office Ltsc 2024
Vendor: CVE Published:; 8 October 2024

Summary

Microsoft Office contains a remote code execution vulnerability that arises when the software improperly handles objects in memory. An attacker can exploit this vulnerability by convincing a user to open a specially crafted file, which could allow the attacker to execute arbitrary code on the affected system. Successful exploitation might result in unauthorized access to system resources, data corruption, or other malicious actions. Users are advised to ensure their applications are updated to mitigate the risk associated with this vulnerability.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2019 32-bit Systems 19.0.0

Microsoft Office LTSC 2021 x64-based Systems 16.0.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

EPSS Score

0% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Aug 14, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed