Msrc Microsoft Office Ltsc 2021 vulnerabilities

CVE-2023-38545 [CRITICAL] CWE-122 Hackerone: CVE-2023-38545 SOCKS5 heap buffer overflow Hackerone: CVE-2023-38545 SOCKS5 heap buffer overflow FAQ: 1. When will an update be available to address this vulnerability? UPDATE: Microsoft has included version 8.4.0 of curl.exe in Windows updates released on November 14, 2023 for currently supported, on-premise versions of Windows clients and servers. See the Security Updates table in this CVE for the applicable Windows update KB numbers. Windows secur

CVE-2023-21716 [CRITICAL] CWE-190 Microsoft Word Remote Code Execution Vulnerability Microsoft Word Remote Code Execution Vulnerability FAQ: What is the attack vector for this vulnerability? An unauthenticated attacker could send a malicious e-mail containing an RTF payload that would allow them to gain access to execute commands within the application used to open the malicious file. FAQ: Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector.

CVE-2022-21840 [HIGH] Microsoft Office Remote Code Execution Vulnerability Microsoft Office Remote Code Execution Vulnerability FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit

CVE-2021-40454 [MEDIUM] Rich Text Edit Control Information Disclosure Vulnerability Rich Text Edit Control Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker that successfully exploited this vulnerability could recover cleartext passwords from memory. Rich Text Edit Control: Rich Text Edit Control Microsoft: Microsoft Impact: Information Disclosure Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release