CVE-2024-43106Improper Verification of Cryptographic Signature in Microsoft Excel

CWE-347Improper Verification of Cryptographic Signature3 documents3 sources
Severity
9.1CRITICALNVD
CNA7.1
EPSS
0.1%
top 77.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Excel
Timeline
PublishedDec 18
Latest updateDec 19

Description

A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

CVEListV5microsoft/excel16.83 for macOS
NVDmicrosoft/excel16.83

🔴Vulnerability Details

2
GHSA
GHSA-qfv9-wmf6-2j52: A library injection vulnerability exists in Microsoft Excel 162024-12-19
CVEList
CVE-2024-43106: A library injection vulnerability exists in Microsoft Excel 162024-12-18
CVE-2024-43106 — Microsoft Excel vulnerability | cvebase