Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49029

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office Ltsc For Mac 2024; Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc For Mac 2021
Vendor: CVE Published:; 12 November 2024

What is CVE-2024-49029?

A vulnerability exists in Microsoft Excel that enables remote code execution. This flaw allows an attacker to execute arbitrary commands on a user's machine when a manipulated Excel file is opened. Successful exploitation of this vulnerability could lead to unauthorized actions performed on behalf of the user, potentially compromising sensitive information. Users are advised to apply security updates from Microsoft to mitigate this risk and ensure the integrity of their systems.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Excel 2016 32-bit Systems 16.0.0.0 < 16.0.5474.1001

Microsoft Office 2019 32-bit Systems 19.0.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2024