cbcvebase.
CVE-2024-38226
published 2024-09-10

CVE-2024-38226: Microsoft Publisher Security Feature Bypass Vulnerability

high7.3CVSS 3.1
AVLACLPRLUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2024-10-01
Exploited in the wild
Microsoft Publisher Security Feature Bypass Vulnerability

Affected

10 ranges
VendorProductVersion rangeFixed in
microsoftmicrosoft_office_2019>= 19.0.0 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_office_ltsc_2021>= 16.0.1 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_publisher_2016>= 16.0.0 < 16.0.5465.100116.0.5465.1001
microsoftoffice_long_term_servicing_channel
microsoftpublisher
msrcmicrosoft_office_2019_for_32-bit_editions
msrcmicrosoft_office_2019_for_64-bit_editions
msrcmicrosoft_office_ltsc_2021_for_32-bit_editions
msrcmicrosoft_office_ltsc_2021_for_64-bit_editions
msrcmicrosoft_publisher_2016

CVSS provenance

nvdv3.17.3HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
vulncheck7.3HIGH
cisa7.3HIGH