CVE-2024-49059

Опубликовано: 10 дек. 2024

Источник: msrc

CVSS3: 7

EPSS Низкий

Описание

Microsoft Office Elevation of Privilege Vulnerability

FAQ

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.

Обновления

Продукт	Статья	Обновление
Microsoft Office 2016 (32-bit edition)	4475587	Security Update
Microsoft Office 2016 (64-bit edition)	4475587	Security Update
Microsoft Office 2019 for 32-bit editions	Click to Run	-
Microsoft Office 2019 for 64-bit editions	Click to Run	-
Microsoft 365 Apps for Enterprise for 32-bit Systems	Click to Run	-
Microsoft 365 Apps for Enterprise for 64-bit Systems	Click to Run	-
Microsoft Office LTSC 2021 for 64-bit editions	Click to Run	-
Microsoft Office LTSC 2021 for 32-bit editions	Click to Run	-
Microsoft Office LTSC 2024 for 32-bit editions	Click to Run	-
Microsoft Office LTSC 2024 for 64-bit editions	Click to Run	-

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 29%

0.00103

Низкий

7 High

CVSS3

Связанные уязвимости

CVE-2024-49059

CVSS3: 7

nvd

около 1 года назад

Microsoft Office Elevation of Privilege Vulnerability

GHSA-x9mq-h652-rw6x

CVSS3: 7

github

около 1 года назад

Microsoft Office Elevation of Privilege Vulnerability

BDU:2024-11072

CVSS3: 7

fstec

около 1 года назад

Уязвимость пакетов программ Microsoft Office, связанная с некорректным определением символических ссылок перед доступом к файлу, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 29%

0.00103

Низкий

7 High

CVSS3