CVE-2024-21413

Warnung

Exploit

EPSS 93.75%
Veröffentlicht 13.02.2024 18:16:00
Zuletzt bearbeitet 29.05.2025 16:32:14
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Microsoft Outlook Remote Code Execution Vulnerability

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ 365 Apps Version- SwEditionenterprise

Microsoft ≫ Office Version2016 Edition- SwEdition- HwPlatform-

Microsoft ≫ Office Version2019

Microsoft ≫ Office Long Term Servicing Channel Version2021

06.02.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Outlook Improper Input Validation Vulnerability

Schwachstelle

Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	93.75%	0.998

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413

Patch

Vendor Advisory

https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/

Technical Description

https://www.vicarius.io/vsociety/posts/cve-2024-21413-critical-monikerlink-vulnerability-affecting-microsoft-outlook-detection-script

Exploit

https://www.vicarius.io/vsociety/posts/cve-2024-21413-critical-monikerlink-vulnerability-affecting-microsoft-outlook-mitigation-script

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2024-21413

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-21413

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-21413

EUVD