cbcvebase.
CVE-2021-34478
published 2021-08-12

CVE-2021-34478: Microsoft Office Remote Code Execution Vulnerability

PriorityP355high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
54.38%
98.9th percentile
Microsoft Office Remote Code Execution Vulnerability

Affected

7 ranges
VendorProductVersion rangeFixed in
microsoftmicrosoft_365_apps_for_enterprise>= 16.0.1 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_office_2019>= 19.0.0 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftoffice
msrcmicrosoft_365_apps_for_enterprise_for_32-bit_systems
msrcmicrosoft_365_apps_for_enterprise_for_64-bit_systems
msrcmicrosoft_office_2019_for_32-bit_editions
msrcmicrosoft_office_2019_for_64-bit_editions

Detection & IOCsextracted from sources · hover to see the quote

  • Preview Pane is NOT an attack vector; focus detection on file open/execution events rather than preview activity
  • User interaction required — monitor for users being socially engineered into opening/running malicious Office files (spearphishing attachment scenarios)
  • ·Exploitation assessed as 'Less Likely' for both latest and older software releases; no public exploit or in-the-wild exploitation confirmed at time of advisory
  • ·Remediation is delivered via Click-to-Run update channel; ensure Click-to-Run Office installations have received the patch rather than relying solely on MSI/Windows Update patching pipelines

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.