Описание
Microsoft Excel Security Feature Bypass Vulnerability
FAQ
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
Opening a malicious file could bypass the Microsoft Office Trust Center external links check. External links can include Dynamic Data Exchange (DDE) and/or references to other workbooks. See Block or unblock external content in Office documents - Microsoft Support for descriptions of related Trust Center settings.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
An attacker must send the user a malicious file and convince them to open it.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?
An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Excel 2016 (32-bit edition) | ||
| Microsoft Excel 2016 (64-bit edition) | ||
| Microsoft Office 2019 for 32-bit editions | - | |
| Microsoft Office 2019 for 64-bit editions | - | |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | - | |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | - | |
| Microsoft Office LTSC for Mac 2021 | ||
| Microsoft Office LTSC 2021 for 64-bit editions | - | |
| Microsoft Office LTSC 2021 for 32-bit editions | - |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
7.8 High
CVSS3
Связанные уязвимости
Microsoft Excel Security Feature Bypass Vulnerability
Уязвимость пакета программ Microsoft Office, связанная с ошибками в настройках безопасности, позволяющая нарушителю обойти ограничения безопасности и повысить свои привилегии
EPSS
7.8 High
CVSS3