VDB
GCVE-VVD-NCSC-2024-337
GCVE-VVD-NCSC-2024-337
Advisory PublishedCVSS 7.8/10
Microsoft heeft kwetsbaarheden verholpen in diverse Office producten.
Weaknesses (CWE)
CWE-122Heap-based Buffer OverflowCWE-416Use After FreeCWE-73External Control of File Name or PathCWE-20Improper Input ValidationCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-451User Interface (UI) Misrepresentation of Critical InformationCWE-59Improper Link Resolution Before File Access ('Link Following')CWE-918Server-Side Request Forgery (SSRF)
Risk Scores
CVSS 3.1
7.8/10
High · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| microsoft | microsoft_365_apps_for_enterprise | — | — |
| microsoft | microsoft_office_ltsc_for_mac_2021 | — | — |
| microsoft | microsoft_office_2019 | — | — |
| microsoft | microsoft_office_ltsc_2021 | — | — |
| microsoft | microsoft_powerpoint_2016 | — | — |
| microsoft | microsoft_outlook_2016 | — | — |
| microsoft | microsoft_project_2016 | — | — |
| microsoft | outlook | — | — |
| microsoft | microsoft_office_2016 | — | — |
| microsoft | 365_apps | — | — |
| microsoft | office | — | — |
| microsoft | office_long_term_servicing_channel | — | — |
| microsoft | office_2016 | — | — |
| microsoft | office_2019 | — | — |
| microsoft | microsoft_teams_for_ios | — | — |
| microsoft | microsoft_officeplus | — | — |
| microsoft | copilot_studio | — | — |
| microsoft | microsoft_copilot_studio | — | — |
Aliases
CVE-2024-38197CVE-2024-38173CVE-2024-38200CVE-2024-38189CVE-2024-38170CVE-2024-38172CVE-2024-38169CVE-2024-38206CVE-2024-38171CVE-2024-38084
Transitive aliases
GHSA-7qxv-p6jq-6vf6VVD-CISA-2024-38200CNVD-2024-42944VVD-CLOUD-2024-0020MSRC_CVE-2024-38172VVD-CISA-2024-38189EUVD-2024-37165VVD-CISA-2024-38169MSRC_CVE-2024-38171CNVD-2024-42945VVD-CISA-2024-38206BDU:2024-07029VVD-CISA-2024-38197BDU:2024-07671GHSA-rg5w-7m5m-gvvcBDU:2024-06454BDU:2024-06439MSRC_CVE-2024-38206EUVD-2024-37168MSRC_CVE-2024-38200GHSA-gxpr-qjxg-92q3VVD-CISA-2024-38171GHSA-xhjv-p3gv-382pMSRC_CVE-2024-38170BDU:2024-07884GHSA-q54r-rx89-mw8vEUVD-2024-37140MSRC_CVE-2024-38169EUVD-2024-37158BDU:2024-06152EUVD-2024-37226MSRC_CVE-2024-38173VVD-CISA-2024-38084GHSA-jgv7-f85p-m95jGHSA-f3r5-wp36-39jfVVD-CISA-2024-38170GHSA-8v4p-m86x-qgwwEUVD-2024-37173EUVD-2024-37141WID-SEC-W-2024-1803BDU:2024-07883MSRC_CVE-2024-38189MSRC_CVE-2024-38197VVD-CISA-2024-38173MSRC_CVE-2024-38084VVD-CISA-2024-38172EUVD-2024-37144CNVD-2024-42943BDU:2024-07860GHSA-w8m3-f759-q5hcBDU:2024-06243BDU:2024-07693GHSA-64w9-mqg5-cjpqEUVD-2024-37142EUVD-2024-37143
Browse GCVE Records
100 records in the GCVE database · Updated April 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.