Описание
Microsoft Word Security Feature Bypass Vulnerability
FAQ
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
This vulnerability could allow an attacker to bypass specific functionality of the Office Protected View.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires that a user open a specially crafted Word file.
- In an email attack scenario, an attacker could exploit the vulnerability by sending a link to the specially crafted Word file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to open the file, typically by way of an enticement in an email or instant message. Then the attacker must convince the victim to open the malicious file.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Word 2016 (32-bit edition) | ||
| Microsoft Word 2016 (64-bit edition) | ||
| Microsoft Office 2019 for 32-bit editions | - | |
| Microsoft Office 2019 for 64-bit editions | - | |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | - | |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | - | |
| Microsoft Office LTSC for Mac 2021 | ||
| Microsoft Office LTSC 2021 for 64-bit editions | - | |
| Microsoft Office LTSC 2021 for 32-bit editions | - | |
| Microsoft Office LTSC 2024 for 32-bit editions | - |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
7.5 High
CVSS3
Связанные уязвимости
Microsoft Word Security Feature Bypass Vulnerability
Уязвимость текстового редактора Microsoft Word, пакетов программ Microsoft Office и Microsoft 365 Apps for Enterprise, связанная с недостаточной проверкой входных данных, позволяющая нарушителю отключить режим защищенного просмотра
EPSS
7.5 High
CVSS3