Lucene search
KdotZDI-21-1083HistorySep 16, 2021 - 12:00 a.m.
Microsoft Office Word Converter Type Confusion Remote Code Execution Vulnerability
2021-09-1600:00:00
kdot
www.zerodayinitiative.com
46
0.013 Low
EPSS
Percentile
85.8%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOC files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
cve
cve
CVE-2021-38658
2021-09-15 12:15:15
nvd
nvd
CVE-2021-38658
2021-09-15 12:15:15
mscve
mscve
Microsoft Office Graphics Remote Code Execution Vulnerability
2021-09-14 07:00:00
openvas
openvas
Microsoft Office 2013 Service Pack 1 RCE Vulnerability (KB5002007)
2021-09-15 00:00:00
Microsoft Office 2016 RCE Vulnerability (KB5002005)
2021-09-15 00:00:00
cvelist
cvelist
CVE-2021-38658 Microsoft Office Graphics Remote Code Execution Vulnerability
2021-09-15 11:24:18
mskb
mskb
prion
prion
Remote code execution
2021-09-15 12:15:00
nessus
nessus
Security Updates for Microsoft Office Products (September 2021)
2021-09-14 00:00:00
Security Updates for Microsoft Office Products C2R (September 2021)
2022-06-10 00:00:00
kaspersky
kaspersky
KLA12288 Multiple vulnerabilities in Microsoft Office
2021-09-14 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - September 2021
2021-09-15 03:44:31
qualysblog
qualysblog