8.8
CVE-2024-38189
- EPSS 47.6%
- Published 13.08.2024 18:15:27
- Last modified 16.08.2024 15:11:42
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
Microsoft Project Remote Code Execution Vulnerability
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Office Long Term Servicing Channel Version2021
Microsoft ≫ Project 2016 Version < 16.0.5461.1001
13.08.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Project Remote Code Execution Vulnerability
VulnerabilityMicrosoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file.
DescriptionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 47.6% | 0.976 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secure@microsoft.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.