Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2021-27055

Опубликовано: 09 мар. 2021
Источник: msrc
CVSS3: 7
EPSS Низкий

Описание

Microsoft Visio Security Feature Bypass Vulnerability

FAQ

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

What is the attack vector for this vulnerability?

Initially an Administrator would need to set a Group Policy in a specific way. Then, an attacker would then need to modify a macro-enabled template that ships with Excel. Then the attacker needs to convince a target to run that malicious file on a system affected by that Policy.

Обновления

ПродуктСтатьяОбновление
Microsoft Visio 2010 Service Pack 2 (32-bit editions)
4484376
Security Update
Microsoft Visio 2010 Service Pack 2 (64-bit editions)
4484376
Security Update
Microsoft Visio 2013 Service Pack 1 (32-bit editions)
4486673
Security Update
Microsoft Visio 2013 Service Pack 1 (64-bit editions)
4486673
Security Update
Microsoft Visio 2016 (32-bit edition)
4493151
Security Update
Microsoft Visio 2016 (64-bit edition)
4493151
Security Update
Microsoft Office 2019 for 32-bit editions
Click to Run
-
Microsoft Office 2019 for 64-bit editions
Click to Run
-
Microsoft 365 Apps for Enterprise for 32-bit Systems
Click to Run
-
Microsoft 365 Apps for Enterprise for 64-bit Systems
Click to Run
-

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 82%
0.01694
Низкий

7 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2021-27055

CVSS3: 7
nvd
почти 5 лет назад

Microsoft Visio Security Feature Bypass Vulnerability

github логотип

GHSA-4pfg-92mj-fx5w

CVSS3: 7
github
больше 3 лет назад

Microsoft Visio Security Feature Bypass Vulnerability

fstec логотип

BDU:2021-01363

CVSS3: 7.1
fstec
почти 5 лет назад

Уязвимость графического редактора Microsoft Visio, пакетов программ Microsoft Office, 365 Apps for Enterprise, связанная с ошибками в настройках безопасности, позволяющая нарушителю обойти существующие ограничения безопасности

EPSS

Процентиль: 82%
0.01694
Низкий

7 High

CVSS3