CVE-2021-42292 (GCVE-0-2021-42292)
Vulnerability from cvelistv5 – Published: 2021-11-10 00:47 – Updated: 2025-10-21 23:25Title
Microsoft Excel Security Feature Bypass Vulnerability
Summary
Microsoft Excel Security Feature Bypass Vulnerability
Severity
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Security Feature Bypass
- CWE-noinfo Not enough information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Office 2019 |
Affected:
19.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* |
|
| Microsoft | Microsoft Office 2019 for Mac |
Affected:
16.0.0 , < 16.55.21111400
(custom)
cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:* |
|
| Microsoft | Microsoft 365 Apps for Enterprise |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:* |
|
| Microsoft | Microsoft Office LTSC for Mac 2021 |
Affected:
16.0.1 , < 16.55.21111400
(custom)
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:* |
|
| Microsoft | Microsoft Office LTSC 2021 |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:* |
|
| Microsoft | Microsoft Excel 2016 |
Affected:
16.0.0.0 , < 16.0.5239.1001
(custom)
cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:* cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:* |
|
| Microsoft | Microsoft Office 2016 |
Affected:
16.0.0 , < 16.0.5239.1001
(custom)
cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:* cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:* |
|
| Microsoft | Microsoft Excel 2013 Service Pack 1 |
Affected:
15.0.0.0 , < 15.0.5397.1001
(custom)
cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:* cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:* cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:* |
|
| Microsoft | Microsoft Office 2013 Service Pack 1 |
Affected:
15.0.0 , < 15.0.5397.1001
(custom)
cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:* cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:* cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:* |
Date Public
2021-11-09 08:00
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 88e531f4-2284-4379-a6ce-0a89820f5596
Exploited: Yes
Timestamps
First Seen: 2021-11-17
Asserted: 2021-11-17
Scope
Notes: KEV entry: Microsoft Excel Security Feature Bypass | Affected: Microsoft / Office | Description: A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-12-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-42292
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-357 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Office |
| Due Date | 2021-12-01 |
| Date Added | 2021-11-17 |
| Vendorproject | Microsoft |
| Vulnerabilityname | Microsoft Excel Security Feature Bypass |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-02-02 12:28 UTC
| Updated: 2026-02-06 07:17 UTC
KEVintel KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 542b5210-c09e-4bdf-861a-72bd4678a90e
Exploited: Yes
Timestamps
First Seen: 2021-11-17
Asserted: 2021-11-17
Scope
Notes: KEVIntel entry: Microsoft Excel Security Feature Bypass Vulnerability | Affected: Microsoft / Microsoft Office 2019, Microsoft Office 2019 for Mac, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC for Mac 2021, Microsoft Office LTSC 2021, Microsoft Excel 2016, Microsoft Office 2016, Microsoft Excel 2013 Service Pack 1, Microsoft Office 2013 Service Pack 1 | CVSS: 7.8 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: False
Evidence
Type: Public Report
Signal: Successful Exploitation
Confidence: 70%
Source: kevintel
Details
| Feed | KEVIntel (kevintel.com) |
|---|---|
| Title | Microsoft Excel Security Feature Bypass Vulnerability |
| Vendor | Microsoft |
| Product | Microsoft Office 2019, Microsoft Office 2019 for Mac, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC for Mac 2021, Microsoft Office LTSC 2021, Microsoft Excel 2016, Microsoft Office 2016, Microsoft Excel 2013 Service Pack 1, Microsoft Office 2013 Service Pack 1 |
| Added Date | 2021-11-17T00:00:00.000Z |
| Cvss Score | 7.8 |
| Epss Score | None |
| Cvss Severity | HIGH |
| Epss Percentile | None |
| Used In Malware | unknown |
| Ahead Of Cisa Kev | None |
| Not Yet In Cisa Kev | False |
References
Created: 2026-06-19 12:47 UTC
| Updated: 2026-06-19 12:47 UTC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:37.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42292"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42292",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-03T16:41:16.021878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-17",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42292"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:25.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42292"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-17T00:00:00.000Z",
"value": "CVE-2021-42292 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Office 2019 for Mac",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.55.21111400",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft 365 Apps for Enterprise",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Office LTSC for Mac 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.55.21111400",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"32-bit Systems"
],
"product": "Microsoft Office LTSC 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*",
"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Excel 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5239.1001",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*",
"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5239.1001",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*",
"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*"
],
"platforms": [
"ARM64-based Systems",
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Excel 2013 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.5397.1001",
"status": "affected",
"version": "15.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*",
"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*",
"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*"
],
"platforms": [
"ARM64-based Systems",
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2013 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.5397.1001",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Excel Security Feature Bypass Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:48:02.211Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42292"
}
],
"title": "Microsoft Excel Security Feature Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-42292",
"datePublished": "2021-11-10T00:47:25.000Z",
"dateReserved": "2021-10-12T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:25.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2021-42292",
"cwes": "[\"CWE-357\"]",
"dateAdded": "2021-11-17",
"dueDate": "2021-12-01",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2021-42292",
"product": "Office",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution.",
"vendorProject": "Microsoft",
"vulnerabilityName": "Microsoft Excel Security Feature Bypass"
},
"epss": {
"cve": "CVE-2021-42292",
"date": "2026-06-20",
"epss": "0.31949",
"percentile": "0.98082"
},
"fkie_nvd": {
"cisaActionDue": "2021-12-01",
"cisaExploitAdd": "2021-11-17",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Excel Security Feature Bypass",
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"40C15EDD-98D4-4D06-BA06-21AE0F33C72D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:-:*:*:*\", \"matchCriteriaId\": \"BF89FEC4-936E-4226-94F9-2BD0CB0CA09F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*\", \"matchCriteriaId\": \"3A062169-527E-43DA-8AE0-FD4FBA1B2A9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2013:sp1:*:*:-:*:*:*\", \"matchCriteriaId\": \"552E1557-D6FA-45DD-9B52-E13ACDBB8A62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*\", \"matchCriteriaId\": \"F7DDFFB8-2337-4DD7-8120-56CC8EF134B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*\", \"matchCriteriaId\": \"C5282C83-86B8-442D-851D-B54E88E8B1F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*\", \"matchCriteriaId\": \"40961B9E-80B6-42E0-A876-58B3CE056E4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:*:*\", \"matchCriteriaId\": \"6C9D7C93-E8CB-4A8A-BA15-093B03ACC62F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*\", \"matchCriteriaId\": \"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Excel Security Feature Bypass Vulnerability\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de Omisi\\u00f3n de Funcionalidades de Seguridad de Microsoft Excel\"}]",
"id": "CVE-2021-42292",
"lastModified": "2024-11-21T06:27:32.443",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2021-11-10T01:19:47.007",
"references": "[{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42292\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42292\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-42292\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2021-11-10T01:19:47.007\",\"lastModified\":\"2026-06-17T04:09:35.627\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Excel Security Feature Bypass Vulnerability\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Omisi\u00f3n de Funcionalidades de Seguridad de Microsoft Excel\"}],\"affected\":[{\"source\":\"secure@microsoft.com\",\"affectedData\":[{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Office 2019\",\"cpes\":[\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*\"],\"platforms\":[\"32-bit Systems\",\"x64-based Systems\"],\"versions\":[{\"version\":\"19.0.0\",\"lessThan\":\"https://aka.ms/OfficeSecurityReleases\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Office 2019 for Mac\",\"cpes\":[\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*\"],\"platforms\":[\"Unknown\"],\"versions\":[{\"version\":\"16.0.0\",\"lessThan\":\"16.55.21111400\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft 365 Apps for Enterprise\",\"cpes\":[\"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*\"],\"platforms\":[\"32-bit Systems\",\"x64-based Systems\"],\"versions\":[{\"version\":\"16.0.1\",\"lessThan\":\"https://aka.ms/OfficeSecurityReleases\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Office LTSC for Mac 2021\",\"cpes\":[\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*\"],\"platforms\":[\"Unknown\"],\"versions\":[{\"version\":\"16.0.1\",\"lessThan\":\"16.55.21111400\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Office LTSC 2021\",\"cpes\":[\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*\"],\"platforms\":[\"x64-based Systems\",\"32-bit Systems\"],\"versions\":[{\"version\":\"16.0.1\",\"lessThan\":\"https://aka.ms/OfficeSecurityReleases\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Excel 2016\",\"cpes\":[\"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*\",\"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*\"],\"platforms\":[\"32-bit Systems\",\"x64-based Systems\"],\"versions\":[{\"version\":\"16.0.0.0\",\"lessThan\":\"16.0.5239.1001\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Office 2016\",\"cpes\":[\"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*\",\"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*\"],\"platforms\":[\"32-bit Systems\",\"x64-based Systems\"],\"versions\":[{\"version\":\"16.0.0\",\"lessThan\":\"16.0.5239.1001\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Excel 2013 Service Pack 1\",\"cpes\":[\"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*\",\"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*\",\"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*\"],\"platforms\":[\"ARM64-based Systems\",\"32-bit Systems\",\"x64-based Systems\"],\"versions\":[{\"version\":\"15.0.0.0\",\"lessThan\":\"15.0.5397.1001\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Office 2013 Service Pack 1\",\"cpes\":[\"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*\",\"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*\",\"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*\"],\"platforms\":[\"ARM64-based Systems\",\"32-bit Systems\",\"x64-based Systems\"],\"versions\":[{\"version\":\"15.0.0\",\"lessThan\":\"15.0.5397.1001\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-01-03T16:41:16.021878Z\",\"id\":\"CVE-2021-42292\",\"options\":[{\"exploitation\":\"active\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"cisaExploitAdd\":\"2021-11-17\",\"cisaActionDue\":\"2021-12-01\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Microsoft Excel Security Feature Bypass\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"40C15EDD-98D4-4D06-BA06-21AE0F33C72D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:-:*:*:*\",\"matchCriteriaId\":\"BF89FEC4-936E-4226-94F9-2BD0CB0CA09F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*\",\"matchCriteriaId\":\"3A062169-527E-43DA-8AE0-FD4FBA1B2A9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2013:sp1:*:*:-:*:*:*\",\"matchCriteriaId\":\"552E1557-D6FA-45DD-9B52-E13ACDBB8A62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*\",\"matchCriteriaId\":\"F7DDFFB8-2337-4DD7-8120-56CC8EF134B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*\",\"matchCriteriaId\":\"C5282C83-86B8-442D-851D-B54E88E8B1F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"40961B9E-80B6-42E0-A876-58B3CE056E4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:*:*\",\"matchCriteriaId\":\"6C9D7C93-E8CB-4A8A-BA15-093B03ACC62F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"BF0E8112-5B6F-4E55-8E40-38ADCF6FC654\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42292\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42292\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42292\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42292\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T03:30:37.920Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-42292\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-03T16:41:16.021878Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-17\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42292\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2021-11-17T00:00:00.000Z\", \"value\": \"CVE-2021-42292 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42292\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T19:05:39.275Z\"}}], \"cna\": {\"title\": \"Microsoft Excel Security Feature Bypass Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Office 2019\", \"versions\": [{\"status\": \"affected\", \"version\": \"19.0.0\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Office 2019 for Mac\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.55.21111400\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft 365 Apps for Enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Office LTSC for Mac 2021\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"16.55.21111400\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Office LTSC 2021\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\", \"32-bit Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*\", \"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Excel 2016\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0.0\", \"lessThan\": \"16.0.5239.1001\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*\", \"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Office 2016\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.5239.1001\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*\", \"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*\", \"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Excel 2013 Service Pack 1\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.0.0.0\", \"lessThan\": \"15.0.5397.1001\", \"versionType\": \"custom\"}], \"platforms\": [\"ARM64-based Systems\", \"32-bit Systems\", \"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*\", \"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*\", \"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Office 2013 Service Pack 1\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.0.0\", \"lessThan\": \"15.0.5397.1001\", \"versionType\": \"custom\"}], \"platforms\": [\"ARM64-based Systems\", \"32-bit Systems\", \"x64-based Systems\"]}], \"datePublic\": \"2021-11-09T08:00:00.000Z\", \"references\": [{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42292\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Microsoft Excel Security Feature Bypass Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"Impact\", \"description\": \"Security Feature Bypass\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2024-05-29T14:48:02.211Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-42292\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:25:25.426Z\", \"dateReserved\": \"2021-10-12T00:00:00.000Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2021-11-10T00:47:25.000Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…