Vulnerabilites related to Microsoft - Microsoft Office LTSC 2024
cve-2025-21357
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-04-02 13:23
Severity ?
EPSS score ?
Summary
Microsoft Outlook Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21357 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21357", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-05T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-06T04:55:34.512Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Outlook 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5483.1000", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:x86:*:*", versionEndExcluding: "16.0.5483.1000", versionStartIncluding: "16.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Outlook Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-908", description: "CWE-908: Use of Uninitialized Resource", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:23:42.984Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Outlook Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21357", }, ], title: "Microsoft Outlook Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21357", datePublished: "2025-01-14T18:04:07.035Z", dateReserved: "2024-12-11T00:29:48.356Z", dateUpdated: "2025-04-02T13:23:42.984Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21354
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-04-02 13:23
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21354 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Office Online Server |
Version: 1.0.0 < 16.0.10416.20047 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21354", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-05T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-06T04:55:31.683Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20047", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.93.25011212", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.93.25011212", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:ltsc:*:*:*", versionEndExcluding: "16.0.10416.20047", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.93.25011212", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.93.25011212", versionStartIncluding: "1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-822", description: "CWE-822: Untrusted Pointer Dereference", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:23:41.687Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21354", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21354", datePublished: "2025-01-14T18:04:05.861Z", dateReserved: "2024-12-11T00:29:48.355Z", dateUpdated: "2025-04-02T13:23:41.687Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-26630
Vulnerability from cvelistv5
Published
2025-03-11 16:59
Modified
2025-04-03 21:15
Severity ?
EPSS score ?
Summary
Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26630 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-26630", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T18:25:25.168628Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T18:28:17.652Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Access 2016 (32-bit edition)", vendor: "Microsoft", versions: [ { lessThan: "16.0.5491.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Access 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5491.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:access_2016:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5491.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:access_2016:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5491.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-03-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-03T21:15:34.173Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Access Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26630", }, ], title: "Microsoft Access Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-26630", datePublished: "2025-03-11T16:59:23.402Z", dateReserved: "2025-02-12T19:23:29.267Z", dateUpdated: "2025-04-03T21:15:34.173Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21395
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-04-02 13:23
Severity ?
EPSS score ?
Summary
Microsoft Access Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21395 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21395", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-05T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-06T04:55:41.353Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Access 2016 (32-bit edition)", vendor: "Microsoft", versions: [ { lessThan: "16.0.5487.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Access 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5487.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:access_2016:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5487.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:access_2016:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5487.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Access Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:23:49.432Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Access Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21395", }, ], title: "Microsoft Access Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21395", datePublished: "2025-01-14T18:04:12.837Z", dateReserved: "2024-12-11T00:29:48.374Z", dateUpdated: "2025-04-02T13:23:49.432Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49030
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49030 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office LTSC for Mac 2024 |
Version: 1.0.0 < 16.91.24111020 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49030", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-14T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T04:55:35.217Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.91.24111020", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.91.24111020", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5474.1001", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.91.24111020", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.91.24111020", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5474.1001", versionStartIncluding: "16.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:28.164Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49030", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49030", datePublished: "2024-11-12T17:54:22.901Z", dateReserved: "2024-10-11T20:57:49.184Z", dateUpdated: "2025-01-30T00:10:28.164Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21394
Vulnerability from cvelistv5
Published
2025-02-11 17:58
Modified
2025-03-12 01:42
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21394 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Office Online Server |
Version: 1.0.0 < 16.0.10416.20058 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21394", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-20T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-21T04:56:21.545Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20058", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.94.25020927", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.94.25020927", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5487.1000", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:ltsc:*:*:*", versionEndExcluding: "16.0.10416.20058", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.94.25020927", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.94.25020927", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5487.1000", versionStartIncluding: "16.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-02-11T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-12T01:42:38.208Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21394", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21394", datePublished: "2025-02-11T17:58:38.564Z", dateReserved: "2024-12-11T00:29:48.374Z", dateUpdated: "2025-03-12T01:42:38.208Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24075
Vulnerability from cvelistv5
Published
2025-03-11 16:59
Modified
2025-04-03 21:15
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24075 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Office Online Server |
Version: 1.0.0 < 16.0.10416.20073 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24075", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T18:25:43.046818Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T18:30:17.731Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20073", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.95.25030928", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.95.25030928", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5491.1000", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:ltsc:*:*:*", versionEndExcluding: "16.0.10416.20073", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.95.25030928", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.95.25030928", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5491.1000", versionStartIncluding: "16.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-03-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-03T21:15:26.760Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24075", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-24075", datePublished: "2025-03-11T16:59:15.872Z", dateReserved: "2025-01-16T23:11:19.736Z", dateUpdated: "2025-04-03T21:15:26.760Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21186
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-04-02 13:23
Severity ?
EPSS score ?
Summary
Microsoft Access Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21186 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21186", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-05T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-06T04:55:42.947Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Access 2016 (32-bit edition)", vendor: "Microsoft", versions: [ { lessThan: "16.0.5483.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Access 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5483.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:access_2016:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5483.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:access_2016:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5483.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Access Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:23:58.827Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Access Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21186", }, ], title: "Microsoft Access Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21186", datePublished: "2025-01-14T18:04:20.776Z", dateReserved: "2024-12-05T21:43:30.764Z", dateUpdated: "2025-04-02T13:23:58.827Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21345
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-04-02 13:23
Severity ?
EPSS score ?
Summary
Microsoft Office Visio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21345 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21345", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-27T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-28T04:55:43.120Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Office Visio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:23:39.591Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Visio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21345", }, ], title: "Microsoft Office Visio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21345", datePublished: "2025-01-14T18:04:04.206Z", dateReserved: "2024-12-11T00:29:48.353Z", dateUpdated: "2025-04-02T13:23:39.591Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24077
Vulnerability from cvelistv5
Published
2025-03-11 16:58
Modified
2025-04-03 21:14
Severity ?
EPSS score ?
Summary
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24077 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft 365 Apps for Enterprise |
Version: 16.0.1 < https://aka.ms/OfficeSecurityReleases |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24077", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T18:26:55.998398Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T18:34:52.278Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.95.25030928", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.95.25030928", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.95.25030928", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.95.25030928", versionStartIncluding: "1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-03-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-03T21:14:58.559Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Word Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24077", }, ], title: "Microsoft Word Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-24077", datePublished: "2025-03-11T16:58:55.123Z", dateReserved: "2025-01-16T23:11:19.737Z", dateUpdated: "2025-04-03T21:14:58.559Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-26629
Vulnerability from cvelistv5
Published
2025-03-11 16:59
Modified
2025-04-03 21:15
Severity ?
EPSS score ?
Summary
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26629 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft 365 Apps for Enterprise |
Version: 16.0.1 < https://aka.ms/OfficeSecurityReleases |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-26629", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T18:25:27.764757Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T18:28:27.702Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-03-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-03T21:15:33.629Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26629", }, ], title: "Microsoft Office Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-26629", datePublished: "2025-03-11T16:59:22.734Z", dateReserved: "2025-02-12T19:23:29.267Z", dateUpdated: "2025-04-03T21:15:33.629Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24081
Vulnerability from cvelistv5
Published
2025-03-11 16:58
Modified
2025-04-03 21:15
Severity ?
EPSS score ?
Summary
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24081 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Office Online Server |
Version: 1.0.0 < 16.0.10416.20073 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24081", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T18:26:44.531980Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T18:34:19.715Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20073", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.95.25030928", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.95.25030928", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5491.1000", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:ltsc:*:*:*", versionEndExcluding: "16.0.10416.20073", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.95.25030928", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.95.25030928", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5491.1000", versionStartIncluding: "16.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-03-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-03T21:15:03.440Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24081", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-24081", datePublished: "2025-03-11T16:58:57.773Z", dateReserved: "2025-01-16T23:11:19.737Z", dateUpdated: "2025-04-03T21:15:03.440Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49069
Vulnerability from cvelistv5
Published
2024-12-10 17:49
Modified
2025-03-11 16:44
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49069 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49069", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-08T04:56:00.947Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.92.24120731", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.92.24120731", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5478.1002", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:macos:*:*", versionEndExcluding: "16.92.24120731", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:macos:*:*", versionEndExcluding: "16.92.24120731", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5478.1002", versionStartIncluding: "16.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-12-10T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:44:04.688Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49069", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49069", datePublished: "2024-12-10T17:49:06.980Z", dateReserved: "2024-10-11T20:57:49.195Z", dateUpdated: "2025-03-11T16:44:04.688Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43505
Vulnerability from cvelistv5
Published
2024-10-08 17:35
Modified
2025-01-29 23:50
Severity ?
EPSS score ?
Summary
Microsoft Office Visio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43505 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43505", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T18:50:36.518931Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T18:50:49.787Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-10-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Office Visio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-357", description: "CWE-357: Insufficient UI Warning of Dangerous Operations", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T23:50:01.012Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Visio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43505", }, ], title: "Microsoft Office Visio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-43505", datePublished: "2024-10-08T17:35:18.966Z", dateReserved: "2024-08-14T01:08:33.522Z", dateUpdated: "2025-01-29T23:50:01.012Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21392
Vulnerability from cvelistv5
Published
2025-02-11 17:58
Modified
2025-03-12 01:42
Severity ?
EPSS score ?
Summary
Microsoft Office Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21392 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21392", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-25T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-26T04:55:42.818Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.94.25020927", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.94.25020927", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5487.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.94.25020927", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.94.25020927", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5487.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-02-11T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Office Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-12T01:42:37.566Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21392", }, ], title: "Microsoft Office Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21392", datePublished: "2025-02-11T17:58:38.001Z", dateReserved: "2024-12-11T00:29:48.374Z", dateUpdated: "2025-03-12T01:42:37.566Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49059
Vulnerability from cvelistv5
Published
2024-12-10 17:49
Modified
2025-03-11 16:44
Severity ?
EPSS score ?
Summary
Microsoft Office Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49059 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49059", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-08T04:55:54.967Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5478.1004", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5478.1004", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-12-10T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Office Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-59", description: "CWE-59: Improper Link Resolution Before File Access ('Link Following')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:44:02.775Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49059", }, ], title: "Microsoft Office Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49059", datePublished: "2024-12-10T17:49:05.468Z", dateReserved: "2024-10-11T20:57:49.189Z", dateUpdated: "2025-03-11T16:44:02.775Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21381
Vulnerability from cvelistv5
Published
2025-02-11 17:58
Modified
2025-03-12 01:42
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21381 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Office Online Server |
Version: 1.0.0 < 16.0.10416.20058 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21381", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-11T18:55:21.235476Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T15:39:48.559Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20058", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.94.25020927", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.94.25020927", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5487.1000", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:ltsc:*:*:*", versionEndExcluding: "16.0.10416.20058", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.94.25020927", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.94.25020927", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5487.1000", versionStartIncluding: "16.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-02-11T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-822", description: "CWE-822: Untrusted Pointer Dereference", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-12T01:42:35.247Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21381", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21381", datePublished: "2025-02-11T17:58:35.597Z", dateReserved: "2024-12-11T00:29:48.366Z", dateUpdated: "2025-03-12T01:42:35.247Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49028
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49028 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office LTSC for Mac 2024 |
Version: 1.0.0 < 16.91.24111020 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49028", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-14T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T04:55:32.176Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.91.24111020", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.91.24111020", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5474.1001", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.91.24111020", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.91.24111020", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5474.1001", versionStartIncluding: "16.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:27.041Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49028", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49028", datePublished: "2024-11-12T17:54:21.820Z", dateReserved: "2024-10-11T20:57:49.183Z", dateUpdated: "2025-01-30T00:10:27.041Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21397
Vulnerability from cvelistv5
Published
2025-02-11 17:58
Modified
2025-03-12 01:42
Severity ?
EPSS score ?
Summary
Microsoft Office Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21397 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft 365 Apps for Enterprise |
Version: 16.0.1 < https://aka.ms/OfficeSecurityReleases |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21397", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-25T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-26T04:55:46.921Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-02-11T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Office Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-12T01:42:38.816Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21397", }, ], title: "Microsoft Office Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21397", datePublished: "2025-02-11T17:58:39.109Z", dateReserved: "2024-12-11T00:29:48.374Z", dateUpdated: "2025-03-12T01:42:38.816Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21366
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-04-02 13:23
Severity ?
EPSS score ?
Summary
Microsoft Access Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21366 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21366", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-05T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-06T04:55:39.963Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Access 2016 (32-bit edition)", vendor: "Microsoft", versions: [ { lessThan: "16.0.5483.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Access 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5483.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:access_2016:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5483.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:access_2016:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5483.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Access Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:23:46.041Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Access Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21366", }, ], title: "Microsoft Access Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21366", datePublished: "2025-01-14T18:04:09.694Z", dateReserved: "2024-12-11T00:29:48.359Z", dateUpdated: "2025-04-02T13:23:46.041Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24080
Vulnerability from cvelistv5
Published
2025-03-11 16:58
Modified
2025-04-03 21:15
Severity ?
EPSS score ?
Summary
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24080 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24080", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T18:26:46.995158Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T18:34:26.388Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5491.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5491.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-03-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-03T21:15:02.693Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24080", }, ], title: "Microsoft Office Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-24080", datePublished: "2025-03-11T16:58:57.259Z", dateReserved: "2025-01-16T23:11:19.737Z", dateUpdated: "2025-04-03T21:15:02.693Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21363
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-04-02 13:23
Severity ?
EPSS score ?
Summary
Microsoft Word Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21363 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft 365 Apps for Enterprise |
Version: 16.0.1 < https://aka.ms/OfficeSecurityReleases |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21363", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-05T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-06T04:55:37.253Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.93.25011212", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.93.25011212", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.93.25011212", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.93.25011212", versionStartIncluding: "1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Word Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-822", description: "CWE-822: Untrusted Pointer Dereference", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:23:44.314Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Word Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21363", }, ], title: "Microsoft Word Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21363", datePublished: "2025-01-14T18:04:08.108Z", dateReserved: "2024-12-11T00:29:48.358Z", dateUpdated: "2025-04-02T13:23:44.314Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24078
Vulnerability from cvelistv5
Published
2025-03-11 16:58
Modified
2025-04-03 21:14
Severity ?
EPSS score ?
Summary
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24078 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24078", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T18:26:53.481153Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T18:34:42.574Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.95.25030928", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.95.25030928", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Word 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.18526.20080", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.95.25030928", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.95.25030928", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.18526.20080", versionStartIncluding: "16.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-03-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.", }, ], metrics: [ { cvssV3_1: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-03T21:14:59.275Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Word Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24078", }, ], title: "Microsoft Word Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-24078", datePublished: "2025-03-11T16:58:55.964Z", dateReserved: "2025-01-16T23:11:19.737Z", dateUpdated: "2025-04-03T21:14:59.275Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43576
Vulnerability from cvelistv5
Published
2024-10-08 17:35
Modified
2025-01-29 23:50
Severity ?
EPSS score ?
Summary
Microsoft Office Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43576 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft 365 Apps for Enterprise |
Version: 16.0.1 < https://aka.ms/OfficeSecurityReleases |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43576", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T18:51:44.638176Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-09T19:50:56.242Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-10-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Office Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426: Untrusted Search Path", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T23:50:15.241Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43576", }, ], title: "Microsoft Office Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-43576", datePublished: "2024-10-08T17:35:31.848Z", dateReserved: "2024-08-14T01:08:33.545Z", dateUpdated: "2025-01-29T23:50:15.241Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43616
Vulnerability from cvelistv5
Published
2024-10-08 17:35
Modified
2025-01-29 23:50
Severity ?
EPSS score ?
Summary
Microsoft Office Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43616 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43616", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T18:51:42.772349Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-09T19:50:20.624Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-10-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Office Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426: Untrusted Search Path", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T23:50:20.622Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43616", }, ], title: "Microsoft Office Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-43616", datePublished: "2024-10-08T17:35:36.847Z", dateReserved: "2024-08-14T01:08:33.553Z", dateUpdated: "2025-01-29T23:50:20.622Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21386
Vulnerability from cvelistv5
Published
2025-02-11 17:58
Modified
2025-03-12 01:42
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21386 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Office Online Server |
Version: 1.0.0 < 16.0.10416.20058 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21386", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-24T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-25T04:55:23.104Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20058", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.94.25020927", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.94.25020927", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5487.1000", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:ltsc:*:*:*", versionEndExcluding: "16.0.10416.20058", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.94.25020927", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.94.25020927", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5487.1000", versionStartIncluding: "16.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-02-11T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-12T01:42:35.828Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21386", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21386", datePublished: "2025-02-11T17:58:36.218Z", dateReserved: "2024-12-11T00:29:48.367Z", dateUpdated: "2025-03-12T01:42:35.828Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21390
Vulnerability from cvelistv5
Published
2025-02-11 17:58
Modified
2025-03-12 01:42
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21390 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Office Online Server |
Version: 1.0.0 < 16.0.10416.20058 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21390", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-24T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-01T04:55:45.634Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20058", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.94.25020927", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.94.25020927", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5487.1000", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:ltsc:*:*:*", versionEndExcluding: "16.0.10416.20058", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.94.25020927", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.94.25020927", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5487.1000", versionStartIncluding: "16.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-02-11T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-12T01:42:37.062Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21390", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21390", datePublished: "2025-02-11T17:58:37.409Z", dateReserved: "2024-12-11T00:29:48.368Z", dateUpdated: "2025-03-12T01:42:37.062Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21364
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-04-02 13:23
Severity ?
EPSS score ?
Summary
Microsoft Excel Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21364 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft 365 Apps for Enterprise |
Version: 16.0.1 < https://aka.ms/OfficeSecurityReleases |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21364", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-15T21:22:50.983530Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-15T21:55:12.195Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Excel Security Feature Bypass Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:23:44.837Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Security Feature Bypass Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21364", }, ], title: "Microsoft Excel Security Feature Bypass Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21364", datePublished: "2025-01-14T18:04:08.647Z", dateReserved: "2024-12-11T00:29:48.359Z", dateUpdated: "2025-04-02T13:23:44.837Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49031
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
Microsoft Office Graphics Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49031 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office LTSC for Mac 2024 |
Version: 1.0.0 < 16.91.24111020 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49031", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-14T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T04:55:41.487Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.91.24111020", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.91.24111020", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5474.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.91.24111020", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.91.24111020", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5474.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Office Graphics Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-126", description: "CWE-126: Buffer Over-read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:28.617Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Graphics Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49031", }, ], title: "Microsoft Office Graphics Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49031", datePublished: "2024-11-12T17:54:23.397Z", dateReserved: "2024-10-11T20:57:49.184Z", dateUpdated: "2025-01-30T00:10:28.617Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49032
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
Microsoft Office Graphics Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49032 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office LTSC for Mac 2024 |
Version: 1.0.0 < 16.91.24111020 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49032", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-14T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T04:55:39.035Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.91.24111020", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.91.24111020", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5474.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.91.24111020", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.91.24111020", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5474.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Office Graphics Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:29.127Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Graphics Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49032", }, ], title: "Microsoft Office Graphics Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49032", datePublished: "2024-11-12T17:54:23.959Z", dateReserved: "2024-10-11T20:57:49.184Z", dateUpdated: "2025-01-30T00:10:29.127Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49065
Vulnerability from cvelistv5
Published
2024-12-10 17:49
Modified
2025-03-11 16:44
Severity ?
EPSS score ?
Summary
Microsoft Office Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49065 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5478.1000 |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49065", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-08T04:55:56.197Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5478.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20026", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.92.24120731", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.92.24120731", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Word 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5478.1000", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5478.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10416.20026", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:macos:*:*", versionEndExcluding: "16.92.24120731", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:macos:*:*", versionEndExcluding: "16.92.24120731", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5478.1000", versionStartIncluding: "16.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-12-10T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Office Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:44:30.119Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49065", }, ], title: "Microsoft Office Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49065", datePublished: "2024-12-10T17:49:36.122Z", dateReserved: "2024-10-11T20:57:49.194Z", dateUpdated: "2025-03-11T16:44:30.119Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49029
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49029 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office LTSC for Mac 2024 |
Version: 1.0.0 < 16.91.24111020 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49029", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-14T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T04:55:33.934Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.91.24111020", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.91.24111020", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5474.1001", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.91.24111020", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.91.24111020", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5474.1001", versionStartIncluding: "16.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-908", description: "CWE-908: Use of Uninitialized Resource", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:27.630Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49029", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49029", datePublished: "2024-11-12T17:54:22.359Z", dateReserved: "2024-10-11T20:57:49.184Z", dateUpdated: "2025-01-30T00:10:27.630Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24082
Vulnerability from cvelistv5
Published
2025-03-11 16:58
Modified
2025-04-03 21:15
Severity ?
EPSS score ?
Summary
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24082 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Office Online Server |
Version: 1.0.0 < 16.0.10416.20073 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24082", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T18:26:41.695902Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T18:34:12.815Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20073", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.95.25030928", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.95.25030928", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5491.1000", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:ltsc:*:*:*", versionEndExcluding: "16.0.10416.20073", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.95.25030928", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.95.25030928", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5491.1000", versionStartIncluding: "16.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-03-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-03T21:15:04.454Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24082", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-24082", datePublished: "2025-03-11T16:58:58.359Z", dateReserved: "2025-01-16T23:11:19.737Z", dateUpdated: "2025-04-03T21:15:04.454Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24057
Vulnerability from cvelistv5
Published
2025-03-11 16:58
Modified
2025-04-03 21:14
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24057 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24057", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T18:26:59.234827Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T18:35:07.585Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.95.25030928", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.95.25030928", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5491.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.95.25030928", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.95.25030928", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5491.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-03-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-03T21:14:56.645Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24057", }, ], title: "Microsoft Office Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-24057", datePublished: "2025-03-11T16:58:53.798Z", dateReserved: "2025-01-16T23:11:19.733Z", dateUpdated: "2025-04-03T21:14:56.645Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49142
Vulnerability from cvelistv5
Published
2024-12-10 17:49
Modified
2025-03-11 16:44
Severity ?
EPSS score ?
Summary
Microsoft Access Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49142 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49142", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-13T20:53:23.587695Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-13T22:00:31.813Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Access 2016 (32-bit edition)", vendor: "Microsoft", versions: [ { lessThan: "16.0.5478.1004", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Access 2016 (64-bit edition)", vendor: "Microsoft", versions: [ { lessThan: "16.0.5478.1004", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:access:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5478.1004", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:access:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5478.1004", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-12-10T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Access Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:44:27.426Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Access Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49142", }, ], title: "Microsoft Access Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49142", datePublished: "2024-12-10T17:49:33.983Z", dateReserved: "2024-10-11T20:57:49.214Z", dateUpdated: "2025-03-11T16:44:27.426Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21356
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-04-02 13:23
Severity ?
EPSS score ?
Summary
Microsoft Office Visio Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21356 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21356", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-05T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-06T04:55:30.198Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Office Visio Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en-US", type: "CWE", }, { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:23:42.404Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Visio Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21356", }, ], title: "Microsoft Office Visio Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21356", datePublished: "2025-01-14T18:04:06.489Z", dateReserved: "2024-12-11T00:29:48.355Z", dateUpdated: "2025-04-02T13:23:42.404Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49027
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49027 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49027", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-14T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T04:55:36.586Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.91.24111020", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.91.24111020", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5474.1001", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.91.24111020", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.91.24111020", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5474.1001", versionStartIncluding: "16.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:26.446Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49027", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49027", datePublished: "2024-11-12T17:54:21.180Z", dateReserved: "2024-10-11T20:57:49.183Z", dateUpdated: "2025-01-30T00:10:26.446Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24079
Vulnerability from cvelistv5
Published
2025-03-11 16:58
Modified
2025-04-03 21:15
Severity ?
EPSS score ?
Summary
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24079 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24079", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T18:26:49.838779Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T18:34:35.635Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.95.25030928", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.95.25030928", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Word 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.18526.20080", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.95.25030928", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.95.25030928", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.18526.20080", versionStartIncluding: "16.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-03-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-03T21:15:00.685Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Word Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24079", }, ], title: "Microsoft Word Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-24079", datePublished: "2025-03-11T16:58:56.654Z", dateReserved: "2025-01-16T23:11:19.737Z", dateUpdated: "2025-04-03T21:15:00.685Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24083
Vulnerability from cvelistv5
Published
2025-03-11 16:58
Modified
2025-04-03 21:15
Severity ?
EPSS score ?
Summary
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24083 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24083", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T18:26:38.807961Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T18:34:05.751Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.95.25030928", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.95.25030928", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5491.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.95.25030928", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.95.25030928", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5491.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-03-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-822", description: "CWE-822: Untrusted Pointer Dereference", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-03T21:15:05.127Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24083", }, ], title: "Microsoft Office Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-24083", datePublished: "2025-03-11T16:58:58.870Z", dateReserved: "2025-01-16T23:11:19.737Z", dateUpdated: "2025-04-03T21:15:05.127Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43609
Vulnerability from cvelistv5
Published
2024-10-08 17:35
Modified
2025-01-29 23:50
Severity ?
EPSS score ?
Summary
Microsoft Office Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43609 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office LTSC 2024 |
Version: 1.0.0 < https://aka.ms/OfficeSecurityReleases |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43609", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T18:40:52.923758Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T18:41:59.107Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5469.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5469.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-10-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Office Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T23:50:18.185Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43609", }, ], title: "Microsoft Office Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-43609", datePublished: "2024-10-08T17:35:34.804Z", dateReserved: "2024-08-14T01:08:33.552Z", dateUpdated: "2025-01-29T23:50:18.185Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49026
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49026 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49026", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-14T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T04:55:37.788Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20007", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016 Click-to-Run (C2R)", vendor: "Microsoft", versions: [ { lessThan: "16.0.5474.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10416.20007", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:*:*:*:*:click-to-run:*:*:*", versionEndExcluding: "16.0.5474.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:25.984Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49026", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49026", datePublished: "2024-11-12T17:54:20.692Z", dateReserved: "2024-10-11T20:57:49.183Z", dateUpdated: "2025-01-30T00:10:25.984Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21362
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-04-02 13:23
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21362 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Office Online Server |
Version: 1.0.0 < 16.0.10416.20047 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21362", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-05T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-06T04:55:33.059Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20047", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.93.25011212", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.93.25011212", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5483.1001", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:ltsc:*:*:*", versionEndExcluding: "16.0.10416.20047", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.93.25011212", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.93.25011212", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5483.1001", versionStartIncluding: "16.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:23:43.642Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21362", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21362", datePublished: "2025-01-14T18:04:07.536Z", dateReserved: "2024-12-11T00:29:48.358Z", dateUpdated: "2025-04-02T13:23:43.642Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21387
Vulnerability from cvelistv5
Published
2025-02-11 17:58
Modified
2025-03-12 01:42
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21387 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Office Online Server |
Version: 1.0.0 < 16.0.10416.20058 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21387", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-25T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-26T04:55:32.303Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20058", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.94.25020927", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.94.25020927", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5487.1000", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:ltsc:*:*:*", versionEndExcluding: "16.0.10416.20058", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.94.25020927", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.94.25020927", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5487.1000", versionStartIncluding: "16.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-02-11T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-12T01:42:36.496Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21387", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21387", datePublished: "2025-02-11T17:58:36.819Z", dateReserved: "2024-12-11T00:29:48.367Z", dateUpdated: "2025-03-12T01:42:36.496Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21365
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-04-02 13:23
Severity ?
EPSS score ?
Summary
Microsoft Office Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21365 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft 365 Apps for Enterprise |
Version: 16.0.1 < https://aka.ms/OfficeSecurityReleases |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21365", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-05T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-06T04:55:38.572Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Office Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426: Untrusted Search Path", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:23:45.429Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21365", }, ], title: "Microsoft Office Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21365", datePublished: "2025-01-14T18:04:09.116Z", dateReserved: "2024-12-11T00:29:48.359Z", dateUpdated: "2025-04-02T13:23:45.429Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21383
Vulnerability from cvelistv5
Published
2025-02-11 17:58
Modified
2025-03-12 01:42
Severity ?
EPSS score ?
Summary
Microsoft Excel Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21383 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21383", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-11T19:17:00.507233Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-11T19:29:33.122Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.94.25020927", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.94.25020927", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5487.1000", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.94.25020927", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.94.25020927", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5487.1000", versionStartIncluding: "16.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-02-11T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Excel Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-12T01:42:13.715Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21383", }, ], title: "Microsoft Excel Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21383", datePublished: "2025-02-11T17:58:15.213Z", dateReserved: "2024-12-11T00:29:48.366Z", dateUpdated: "2025-03-12T01:42:13.715Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43504
Vulnerability from cvelistv5
Published
2024-10-08 17:35
Modified
2025-01-29 23:50
Severity ?
EPSS score ?
Summary
Microsoft Excel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43504 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office LTSC 2024 |
Version: 1.0.0 < https://aka.ms/OfficeSecurityReleases |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43504", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T18:51:11.224334Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T18:51:21.165Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5469.1000", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5469.1000", versionStartIncluding: "16.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-10-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Excel Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T23:50:00.457Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Excel Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43504", }, ], title: "Microsoft Excel Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-43504", datePublished: "2024-10-08T17:35:18.429Z", dateReserved: "2024-08-14T01:08:33.522Z", dateUpdated: "2025-01-29T23:50:00.457Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49033
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
Microsoft Word Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49033 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office LTSC for Mac 2024 |
Version: 1.0.0 < 16.91.24111020 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49033", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-14T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T04:55:30.776Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2024", vendor: "Microsoft", versions: [ { lessThan: "16.91.24111020", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.91.24111020", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Word 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5474.1000", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.91.24111020", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*", versionEndExcluding: "16.91.24111020", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_2016:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5474.1000", versionStartIncluding: "16.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Word Security Feature Bypass Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:29.758Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Word Security Feature Bypass Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49033", }, ], title: "Microsoft Word Security Feature Bypass Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49033", datePublished: "2024-11-12T17:54:24.545Z", dateReserved: "2024-10-11T20:57:49.185Z", dateUpdated: "2025-01-30T00:10:29.758Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21346
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-04-02 13:23
Severity ?
EPSS score ?
Summary
Microsoft Office Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21346 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office 2019 |
Version: 19.0.0 < https://aka.ms/OfficeSecurityReleases |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21346", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-15T19:14:41.134507Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-15T19:14:50.383Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2024", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5483.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5483.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Office Security Feature Bypass Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-693", description: "CWE-693: Protection Mechanism Failure", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:23:40.507Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Security Feature Bypass Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21346", }, ], title: "Microsoft Office Security Feature Bypass Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21346", datePublished: "2025-01-14T18:04:04.710Z", dateReserved: "2024-12-11T00:29:48.353Z", dateUpdated: "2025-04-02T13:23:40.507Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }