Lucene search
HistoryFeb 13, 2024 - 6:16 p.m.
CVE-2024-21413
cve-2024-21413
microsoft
outlook
remote code execution
vulnerability
nvd
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.3%
Microsoft Outlook Remote Code Execution Vulnerability
Affected configurations
Node
microsoftmicrosoft_office_2019Match19.0.0
ORmicrosoft365_appsMatch16.0.1
ORmicrosoftmicrosoft_office_ltsc_2021Match16.0.1
ORmicrosoftmicrosoft_office_2016Range16.0.0–16.0.5435.1001
ORmicrosoftmicrosoft_office_2016Range16.0.0–16.0.5435.1000
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | microsoft_office_2019 | 19.0.0 | cpe:2.3:a:microsoft:microsoft_office_2019:19.0.0:*:*:*:*:*:*:* |
| microsoft | 365_apps | 16.0.1 | cpe:2.3:a:microsoft:365_apps:16.0.1:*:*:*:*:*:*:* |
| microsoft | microsoft_office_ltsc_2021 | 16.0.1 | cpe:2.3:a:microsoft:microsoft_office_ltsc_2021:16.0.1:*:*:*:*:*:*:* |
| microsoft | microsoft_office_2016 | * | cpe:2.3:a:microsoft:microsoft_office_2016:*:*:*:*:*:*:*:* |
| microsoft | microsoft_office_2016 | * | cpe:2.3:a:microsoft:microsoft_office_2016:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Microsoft",
"product": "Microsoft Office 2019",
"cpes": [
"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "19.0.0",
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft 365 Apps for Enterprise",
"cpes": [
"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "16.0.1",
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Office LTSC 2021",
"cpes": [
"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"32-bit Systems"
],
"versions": [
{
"version": "16.0.1",
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Office 2016",
"cpes": [
"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*",
"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "16.0.0",
"lessThan": "16.0.5435.1001",
"versionType": "custom",
"status": "affected"
},
{
"version": "16.0.0",
"lessThan": "16.0.5435.1000",
"versionType": "custom",
"status": "affected"
}
]
}
]References
Social References
More
Related
nvd
nvd
CVE-2024-21413
2024-02-13 18:16:00
githubexploit
githubexploit
Exploit for Improper Input Validation in Microsoft
2024-02-28 07:26:24
Exploit for Improper Input Validation in Microsoft
2024-02-19 01:37:15
Exploit for Improper Input Validation in Microsoft
2024-05-11 12:28:22
mscve
mscve
Microsoft Outlook Remote Code Execution Vulnerability
2024-02-13 08:00:00
openvas
openvas
prion
prion
Remote code execution
2024-02-13 18:16:00
cvelist
cvelist
CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability
2024-02-13 18:02:24
mskb
mskb
thn
thn
New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth
2024-04-21 08:42:00
Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation
2024-02-15 05:19:00
Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days
2024-02-14 05:01:00
nessus
nessus
Security Updates for Microsoft Office Products (February 2024)
2024-02-13 00:00:00
Security Updates for Microsoft Office Products C2R (February 2024)
2024-02-14 00:00:00
malwarebytes
malwarebytes
Update now! Microsoft fixes two zero-days on February Patch Tuesday
2024-02-14 13:17:19
kaspersky
kaspersky
KLA63961 Multiple vulnerabilities in Microsoft Office
2024-02-13 00:00:00
krebs
krebs
Fat Patch Tuesday, February 2024 Edition
2024-02-13 22:28:48
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday, February 2024 Security Update Review
2024-02-13 20:03:29
avleonov
avleonov
rapid7blog
rapid7blog
Patch Tuesday - February 2024
2024-02-13 21:26:21
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.3%
Related for CVE-2024-21413