Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-38200: Sensitive Information Exposure in Microsoft 365 Apps for Enterprise

Severity: 6.5 MEDIUM (CNA), no vector
EPSS: 55.7% (top 1.90%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Aug 8; latest update Apr 3

Description

Microsoft Office Spoofing Vulnerability

Affected Packages (4 packages)

CVEListV5  microsoft/microsoft_office_2016  16.0.0  16.0.5461.1001
CVEListV5  microsoft/microsoft_office_2019  19.0.0  https://aka.ms/OfficeSecurityReleases
CVEListV5  microsoft/microsoft_office_ltsc_2021  16.0.1  https://aka.ms/OfficeSecurityReleases
CVEListV5  microsoft/microsoft_365_apps_for_enterprise  16.0.1  https://aka.ms/OfficeSecurityReleases

🔴 Vulnerability Details (1)

CVEList: Microsoft Office Spoofing Vulnerability (2024-08-08)

💥 Exploits & PoCs (1)

Exploit-DB: Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure (2025-04-03)

🔍 Detection Rules (1)

Suricata: ET EXPLOIT Microsoft Office Spoofing to HTTP Redirect Inbound (CVE-2024-38200) (2024-10-01)

📋 Vendor Advisories (1)

Microsoft: Microsoft Office Spoofing Vulnerability (2024-08-13)

🕵️ Threat Intelligence (1)

BleepingComputer: Microsoft discloses unpatched Office flaw that exposes NTLM hashes (2024-08-09)
CVE-2024-38200 — Sensitive Information Exposure | cvebase