CVE-2024-21384 — Use After Free in Microsoft 365 Apps FOR Enterprise

CWE-416 — Use After Free9 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.5%

top 32.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft 365 Apps FOR Enterprise Microsoft Office Ltsc 2021 Microsoft Office Long Term Servicing Channel

Timeline

PublishedFeb 13

Description

Microsoft Office OneNote Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5microsoft/microsoft_office_ltsc_202116.0.1 — https://aka.ms/OfficeSecurityReleases

▶NVDmicrosoft/office_long_term_servicing_channel2021

▶CVEListV5microsoft/microsoft_365_apps_for_enterprise16.0.1 — https://aka.ms/OfficeSecurityReleases

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-44vv-2mpg-8hv5: Microsoft Office OneNote Remote Code Execution Vulnerability↗2024-02-13

▶

CVEList

Microsoft Office OneNote Remote Code Execution Vulnerability↗2024-02-13

▶

📋Vendor Advisories

Microsoft

Microsoft Office OneNote Remote Code Execution Vulnerability↗2024-02-13

▶

🕵️Threat Intelligence

Bleepingcomputer

Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws↗2024-02-13

▶

Trendmicro

The February 2024 Security Update Review↗2024-02-12

▶

Trendmicro

The February 2024 Security Update Review↗2024-02-12

▶

Trendmicro

The February 2024 Security Update Review↗2024-02-12

▶

Trendmicro

The February 2024 Security Update Review↗2024-02-12

▶