Microsoft Office Remote Code Execution Vulnerability
CVE-2024-43616
7.8HIGH
Key Information:
- Vendor
- Microsoft
- Status
- Vendor
- CVE Published:
- 8 October 2024
Summary
Microsoft Office contains a remote code execution vulnerability that arises when the software improperly handles objects in memory. An attacker can exploit this vulnerability by convincing a user to open a specially crafted file, which could allow the attacker to execute arbitrary code on the affected system. Successful exploitation might result in unauthorized access to system resources, data corruption, or other malicious actions. Users are advised to ensure their applications are updated to mitigate the risk associated with this vulnerability.
Affected Version(s)
Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1
Microsoft Office 2019 32-bit Systems 19.0.0
Microsoft Office LTSC 2021 x64-based Systems 16.0.1
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved