CVE-2024-43576Untrusted Search Path in Microsoft 365 Apps FOR Enterprise

CWE-426Untrusted Search PathCWE-99Resource Injection8 documents7 sources
Severity
7.8HIGHNVD
EPSS
1.2%
top 20.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft 365 Apps FOR EnterpriseMicrosoft Office Ltsc 2024Microsoft Office Long Term Servicing Channel
Timeline
PublishedOct 8

Description

Microsoft Office Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5microsoft/microsoft_office_ltsc_20241.0.0https://aka.ms/OfficeSecurityReleases
CVEListV5microsoft/microsoft_365_apps_for_enterprise16.0.1https://aka.ms/OfficeSecurityReleases

Patches

Patch: msrc.microsoft.com

🔴Vulnerability Details

2
CVEList
Microsoft Office Remote Code Execution Vulnerability2024-10-08
GHSA
GHSA-cg44-wh8v-fxqj: Microsoft Office Remote Code Execution Vulnerability2024-10-08

📋Vendor Advisories

2
Microsoft
Microsoft Office Remote Code Execution Vulnerability2024-10-08
Red Hat
kernel: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE2024-08-17

🕵️Threat Intelligence

3
Bleepingcomputer
Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws2024-10-08
Trendmicro
The October 2024 Security Update Review2024-10-08
Trendmicro
The October 2024 Security Update Review2024-10-08
CVE-2024-43576 — Untrusted Search Path in Microsoft | cvebase