Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2024-49032

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office Ltsc For Mac 2024; Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc For Mac 2021
Vendor: CVE Published:; 12 November 2024

Summary

The vulnerability in Microsoft Office Graphics poses a significant threat where attackers could exploit the graphics rendering process to execute arbitrary code on a victim's machine. By crafting malicious graphics files and enticing users to open them, an attacker gains the ability to compromise the integrity of the impacted system. This situation underscores the necessity for organizations and individuals to apply security patches and stay informed about updates from Microsoft to mitigate the risk associated with this vulnerability. Comprehensive security practices and regular audits are essential to safeguard systems against such remote code execution threats.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2016 32-bit Systems 16.0.0 < 16.0.5474.1000

Microsoft Office 2019 32-bit Systems 19.0.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed