CVE-2024-38189

Warnung

EPSS 47.6%
Veröffentlicht 13.08.2024 18:15:27
Zuletzt bearbeitet 16.08.2024 15:11:42
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Microsoft Project Remote Code Execution Vulnerability

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ 365 Apps Version- SwEditionenterprise

Microsoft ≫ Office Version2019

Microsoft ≫ Office Long Term Servicing Channel Version2021

Microsoft ≫ Project 2016 Version < 16.0.5461.1001

13.08.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Project Remote Code Execution Vulnerability

Schwachstelle

Microsoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	47.6%	0.976

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38189

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-38189

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38189

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38189

EUVD