cbcvebase.
CVE-2024-38189
published 2024-08-13

CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability

high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2024-09-03
Exploited in the wild
Microsoft Project Remote Code Execution Vulnerability

Affected

13 ranges
VendorProductVersion rangeFixed in
microsoftmicrosoft_365_apps_for_enterprise>= 16.0.1 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_office_2019>= 19.0.0 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_office_ltsc_2021>= 16.0.1 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_project_2016>= 16.0.0.0 < 16.0.5461.100116.0.5461.1001
microsoftoffice_long_term_servicing_channel
microsoftproject_2016< 16.0.5461.100116.0.5461.1001
msrcmicrosoft_365_apps_for_enterprise_for_32-bit_systems
msrcmicrosoft_365_apps_for_enterprise_for_64-bit_systems
msrcmicrosoft_office_2019_for_32-bit_editions
msrcmicrosoft_office_2019_for_64-bit_editions
msrcmicrosoft_office_ltsc_2021_for_32-bit_editions
msrcmicrosoft_office_ltsc_2021_for_64-bit_editions
msrcmicrosoft_project_2016

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vulncheck8.8HIGH
cisa8.8HIGH