CVE-2024-41165Improper Verification of Cryptographic Signature in Microsoft Word

CWE-347Improper Verification of Cryptographic Signature3 documents3 sources
Severity
9.1CRITICALNVD
CNA7.1
EPSS
0.1%
top 77.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Word
Timeline
PublishedDec 18
Latest updateDec 19

Description

A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

CVEListV5microsoft/word16.83 for macOS
NVDmicrosoft/word16.83

🔴Vulnerability Details

2
GHSA
GHSA-qc4c-822v-vp4m: A library injection vulnerability exists in Microsoft Word 162024-12-19
CVEList
CVE-2024-41165: A library injection vulnerability exists in Microsoft Word 162024-12-18
CVE-2024-41165 — Microsoft Word vulnerability | cvebase