Описание
Microsoft Office Remote Code Execution Vulnerability
FAQ
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Successful exploitation of this vulnerability requires a user to open a malicious email with an affected version of Microsoft Outlook and then perform specific actions to trigger the vulnerability.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
Is the Preview Pane an attack vector for this vulnerability?
Yes. The Preview Pane is an attack vector, but additional user interaction is required.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Office 2016 (32-bit edition) | ||
| Microsoft Office 2016 (64-bit edition) | ||
| Microsoft Office 2019 for 32-bit editions | - | |
| Microsoft Office 2019 for 64-bit editions | - | |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | - | |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | - | |
| Microsoft Office LTSC 2021 for 64-bit editions | - | |
| Microsoft Office LTSC 2021 for 32-bit editions | - |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
7.5 High
CVSS3
Связанные уязвимости
Microsoft Office Remote Code Execution Vulnerability
Уязвимость пакета программ Microsoft Office, связанная с использованием памяти после её освобождения, позволяющая нарушителю выполнить произвольный код
EPSS
7.5 High
CVSS3