Lucene search
Thomas Bouzerar (@MajorTomSec) from Synacktiv (@Synacktiv)ZDI-22-813HistoryJun 02, 2022 - 12:00 a.m.
Microsoft Word glTF-SDK Integer Overflow Remote Code Execution Vulnerability
2022-06-0200:00:00
Thomas Bouzerar (@MajorTomSec) from Synacktiv (@Synacktiv)
www.zerodayinitiative.com
14
0.236 Low
EPSS
Percentile
96.6%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the glTF-SDK component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
mscve
mscve
Microsoft Office Graphics Remote Code Execution Vulnerability
2021-12-14 08:00:00
nessus
nessus
Security Updates for Microsoft Office (December 2021) (macOS)
2021-12-23 00:00:00
Security Updates for Microsoft Office Products (December 2021)
2021-12-14 00:00:00
Security Updates for Microsoft Office Products C2R (December 2021)
2022-06-10 00:00:00
nvd
nvd
CVE-2021-43875
2021-12-15 15:15:10
prion
prion
Remote code execution
2021-12-15 15:15:00
openvas
openvas
cvelist
cvelist
CVE-2021-43875 Microsoft Office Graphics Remote Code Execution Vulnerability
2021-12-15 14:15:30
cve
cve
CVE-2021-43875
2021-12-15 15:15:10
kaspersky
kaspersky
KLA12389 Multiple vulnerabilities in Microsoft Office
2021-12-14 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - December 2021
2021-12-14 22:12:53