Description
Microsoft Word Security Feature Bypass Vulnerability
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
FAQ
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
An attacker must send a user a malicious Office file and convince them to open it.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
This update addresses a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls.
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
Updates
| Product | Article | Update |
|---|---|---|
| Microsoft 365 Apps for Enterprise for 32-bit Systems | - | |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | - | |
| Microsoft Office LTSC for Mac 2021 | | |
| Microsoft Office LTSC 2021 for 64-bit editions | - | |
| Microsoft Office LTSC 2021 for 32-bit editions | - | |
| Microsoft Office LTSC 2024 for 32-bit editions | - | |
| Microsoft Office LTSC 2024 for 64-bit editions | - | |
| Microsoft Office LTSC for Mac 2024 | | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
EPSS
CVSS3: 7.8 High
Related vulnerabilities
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
A vulnerability in the Microsoft Office software suite, related to the use of untrusted input in security decisions, that allows an attacker to bypass existing security restrictions