SecuriTricks - CVE-2024-43465

Description

Microsoft Excel Elevation of Privilege Vulnerability

Product(s) Impacted

Vendor	Product	Versions
Microsoft	365 Apps Excel Office Office Long Term Servicing Channel Office Online Server	- 2016 2019 2021 *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-416

Use After Free

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	microsoft	365_apps	-	/	/	/	enterprise	/	x64	/
a	microsoft	365_apps	-	/	/	/	enterprise	/	x86	/
a	microsoft	excel	2016	/	/	/	/	/	x64	/
a	microsoft	excel	2016	/	/	/	/	/	x86	/
a	microsoft	office	2019	/	/	/	/	-	x64	/
a	microsoft	office	2019	/	/	/	/	-	x86	/
a	microsoft	office_long_term_servicing_channel	2021	/	/	/	/	/	x64	/
a	microsoft	office_long_term_servicing_channel	2021	/	/	/	/	/	x86	/
a	microsoft	office_long_term_servicing_channel	2021	/	/	/	/	macos	/	/
a	microsoft	office_online_server	/	/	/	/	/	/	/	/

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43465

CVSS Score

7.8 / 10

CVSS Data

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

View Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Date

Published: Sept. 10, 2024, 5:15 p.m.
Last Modified: Sept. 13, 2024, 2:46 p.m.

Status : Analyzed

CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.

More info

Source

secure@microsoft.com

CVE-2024-43465