⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2021-11-17. Required action: Apply updates per vendor instructions..

CVE-2021-27059

6 documents6 sources
Severity
6.5MEDIUM
EPSS
3.0%
top 13.51%
CISA KEV
KEV
Added 2021-11-03
Due 2021-11-17
Exploit
Exploited in wild
Active exploitation observed
Affected products
4
Microsoft Microsoft Office 2010 Service Pack 2Microsoft Microsoft Office 2013 Service Pack 1Microsoft Microsoft Office 2016+1 more
Timeline
PublishedMar 11
KEV addedNov 3
KEV dueNov 17
Latest updateMay 24
CISA Required Action: Apply updates per vendor instructions.

Description

Microsoft Office Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:HExploitability: 1.0 | Impact: 6.0

Affected Packages4 packages

CVEListV5microsoft/microsoft_office_201616.0.0publication
CVEListV5microsoft/microsoft_office_2010_service_pack_213.0.0.0publication
CVEListV5microsoft/microsoft_office_2013_service_pack_115.0.0publication
NVDmicrosoft/office2010, 2013, 2016+2

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-4qxg-56mj-c47p: Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24108, CVE-2021-270572022-05-24
CVEList
Microsoft Office Remote Code Execution Vulnerability2021-03-11
VulnCheck
Microsoft Office Remote Code Execution Vulnerability2021

📋Vendor Advisories

2
CISA
Microsoft Office Remote Code Execution Vulnerability2021-11-03
Microsoft
Microsoft Office Remote Code Execution Vulnerability2021-03-09
CVE-2021-27059 (MEDIUM CVSS 6.5) | Microsoft Office Remote Code Execut | cvebase.io