CVE-2024-39804Improper Verification of Cryptographic Signature in Microsoft Powerpoint

CWE-347Improper Verification of Cryptographic Signature3 documents3 sources
Severity
9.1CRITICALNVD
CNA7.1
EPSS
0.1%
top 77.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Powerpoint
Timeline
PublishedDec 18
Latest updateDec 19

Description

A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially crafted library can leverage PowerPoint's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

CVEListV5microsoft/powerpoint16.83 for macOS

🔴Vulnerability Details

2
GHSA
GHSA-m3fq-vvxh-c7rf: A library injection vulnerability exists in Microsoft PowerPoint 162024-12-19
CVEList
CVE-2024-39804: A library injection vulnerability exists in Microsoft PowerPoint 162024-12-18
CVE-2024-39804 — Microsoft Powerpoint vulnerability | cvebase