CVE-2024-38226

Warnung

EPSS 1.24%
Veröffentlicht 10.09.2024 17:15:25
Zuletzt bearbeitet 28.10.2025 15:51:26
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Microsoft Publisher Security Feature Bypass Vulnerability

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Office 2019 Version- HwPlatformx64

Microsoft ≫ Office 2019 Version- HwPlatformx86

Microsoft ≫ Office Long Term Servicing Channel Version2021 HwPlatformx64

Microsoft ≫ Office Long Term Servicing Channel Version2021 HwPlatformx86

Microsoft ≫ Publisher Version2016 HwPlatformx64

Microsoft ≫ Publisher Version2016 HwPlatformx86

10.09.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Publisher Protection Mechanism Failure Vulnerability

Schwachstelle

Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.24%	0.786

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226

Patch

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38226

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2024-38226

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38226

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38226

EUVD