CVE-2024-20677

CWE-122Heap-based Buffer Overflow4 documents4 sources
Severity
7.8HIGH
EPSS
0.4%
top 39.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Microsoft 3D ViewerMicrosoft Microsoft 365 Apps FOR EnterpriseMicrosoft Microsoft Office 2019+4 more
Timeline
PublishedJan 9

Description

A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. As of February 13, 2024, the ability to insert FBX files has also been disabled in 3D Viewer. 3D models in Of

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

CVEListV5microsoft/microsoft_office_ltsc_202116.0.1https://aka.ms/OfficeSecurityReleases
CVEListV5microsoft/microsoft_office_ltsc_for_mac_202116.0.116.81.24011420
CVEListV5microsoft/microsoft_office_201919.0.0https://aka.ms/OfficeSecurityReleases

Patches

Patch: msrc.microsoft.comPatch: msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-9cx9-hjrh-cgmm: A security vulnerability exists in FBX that could lead to remote code execution2024-01-09
CVEList
Microsoft Office Remote Code Execution Vulnerability2024-01-09

📋Vendor Advisories

1
Microsoft
Microsoft Office Remote Code Execution Vulnerability2024-01-09
CVE-2024-20677 (HIGH CVSS 7.8) | A security vulnerability exists in | cvebase.io