Description
Microsoft Word Security Feature Bypass Vulnerability
FAQ
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
According to the CVSS metric, the attack vector is local (AV:L) but no privileges are required (PR:N) and user interaction is required (UI:R). How could an attacker exploit this security feature bypass vulnerability?
The attack itself is carried out locally by a user with authentication to the targeted system. An attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website, which could lead to a local attack on the victim's computer.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
This vulnerability could allow an attacker to bypass specific functionality of the Office Protected View.
According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of integrity (I:H). What does that mean for this vulnerability?
While this vulnerability would not allow macros to be enabled or remove certain protections, it could allow specific protections to be bypassed in Protected View. This could lead users to open files and not be notified of the risks involved with using a file from the Internet.
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
CVSS3: 5.5 Medium
Related vulnerabilities
Microsoft Word Security Feature Bypass Vulnerability.
A vulnerability in the Microsoft Office and Microsoft 365 Apps for Enterprise software suites, related to errors in security settings, that allows an attacker to bypass security features
EPSS
CVSS3: 5.5 Medium