CVE-2024-38189

Warnung

EPSS 54.67%
Veröffentlicht 13.08.2024 18:15:27
Zuletzt bearbeitet 28.10.2025 14:22:47
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Microsoft Project Remote Code Execution Vulnerability

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ 365 Apps Version- SwEditionenterprise

Microsoft ≫ Office 2019 Version- HwPlatformx64

Microsoft ≫ Office 2019 Version- HwPlatformx86

Microsoft ≫ Office Long Term Servicing Channel Version2021 HwPlatformx64

Microsoft ≫ Office Long Term Servicing Channel Version2021 HwPlatformx86

Microsoft ≫ Project 2016 Version < 16.0.5461.1001

13.08.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Project Remote Code Execution Vulnerability

Schwachstelle

Microsoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	54.67%	0.979

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38189

Patch

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38189

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2024-38189

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38189

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38189

EUVD