VDB
CVE-2024-21378
CVE-2024-21378
PUBLISHED
Es bestehen mehrere Schwachstellen in Microsoft Office. Diese Fehler bestehen unter anderem in Microsoft Excel 2016, Microsoft Outlook 2016 oder Microsoft PowerPoint 2016. Diese Fehler sind noch nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, seine Berechtigungen zu erweitern oder vertrauliche Informationen, wie z.B. NTLM Hashes offenzulegen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.
EPSS 27.31% · 96.5th percentile
Risk Scores
EPSS Score
27.31%
96.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Publisher 2016 | |
| Microsoft | Microsoft Office LTSC 2021 | |
| Microsoft | Microsoft Visio 2016 | |
| Microsoft | Microsoft Teams for Android | |
| Microsoft | Microsoft Word 2016 | |
| Microsoft | Microsoft Office 2016 | |
| Microsoft | Microsoft 365 Apps | |
| Microsoft | Microsoft Skype for Business 2016 (64-bit) | |
| Microsoft | Microsoft Excel 2016 | |
| Microsoft | Microsoft Office 2019 | |
| Microsoft | Microsoft PowerPoint 2016 | |
| Microsoft | Microsoft Skype for Business Server 2019 CU7 | |
| Microsoft | Microsoft Skype for Business 2016 (32-bit) | |
| Microsoft | Microsoft Outlook 2016 |
Timeline
- Jul 2, 2021 PoC Published
- Feb 13, 2024 CVE Published
- Feb 14, 2024 EPSS Score
- Mar 12, 2024 PoC Published
- Mar 13, 2024 PoC Published
- Mar 13, 2024 PoC Published
- Mar 13, 2024 PoC Published
- Mar 13, 2024 PoC Published
- Mar 18, 2024 PoC Published
- Apr 8, 2024 EPSS Score
- Apr 11, 2024 PoC Published
- Apr 11, 2024 PoC Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0389.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0389 advisory
- https://msrc.microsoft.com/update-guide advisory
- https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/ advisory
- https://www.bleepingcomputer.com/news/security/critical-rce-bug-in-microsoft-outlook-now-exploited-in-attacks/ exploit