CVE-2024-38226

Warnung

EPSS 3.75%
Veröffentlicht 10.09.2024 17:15:25
Zuletzt bearbeitet 12.09.2024 01:00:01
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Microsoft Publisher Security Feature Bypass Vulnerability

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Office Version2019 HwPlatformx64

Microsoft ≫ Office Version2019 HwPlatformx86

Microsoft ≫ Office Version2021 SwEditionltsc HwPlatformx64

Microsoft ≫ Office Version2021 SwEditionltsc HwPlatformx86

Microsoft ≫ Publisher Version2016 HwPlatformx64

Microsoft ≫ Publisher Version2016 HwPlatformx86

10.09.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Publisher Protection Mechanism Failure Vulnerability

Schwachstelle

Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.75%	0.876

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-38226

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38226

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38226

EUVD