CVE-2024-21413

Warning

Exploit

EPSS 93.75%
Published 13.02.2024 18:16:00
Last modified 29.05.2025 16:32:14
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft Outlook Remote Code Execution Vulnerability

Affected products Warnungen 1 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ 365 Apps Version- SwEditionenterprise

Microsoft ≫ Office Version2016 Edition- SwEdition- HwPlatform-

Microsoft ≫ Office Version2019

Microsoft ≫ Office Long Term Servicing Channel Version2021

06.02.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Outlook Improper Input Validation Vulnerability

Vulnerability

Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	93.75%	0.998

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secure@microsoft.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413

Patch

Vendor Advisory

https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/

Technical Description

https://www.vicarius.io/vsociety/posts/cve-2024-21413-critical-monikerlink-vulnerability-affecting-microsoft-outlook-detection-script

Exploit

https://www.vicarius.io/vsociety/posts/cve-2024-21413-critical-monikerlink-vulnerability-affecting-microsoft-outlook-mitigation-script

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2024-21413

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-21413

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-21413

EUVD