CVE-2021-27059
Microsoft Office Remote Code Execution Vulnerability
Vexday Risk Score
51Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.6EPSS 3.2%KEV simPoC —Nuclei —Metasploit —Patch —
Lifecycle
11 Mar 2021Published on NVD
03 Nov 2021Active exploitation (CISA KEV)
Weaponization speed
236 daysto active exploitation (KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in Microsoft Office allows attackers to run malicious code on your computer by tricking you into opening a specially crafted Office document. This is dangerous because it gives attackers complete control of your system.
Technical detail
Remote code execution vulnerability in Microsoft Office triggered via a malicious document file. The attack vector requires user interaction (opening/previewing a crafted file), but upon exploitation, arbitrary code executes with the privileges of the Office application process. This enables full system compromise depending on user privilege level.
Summary generated and translated by AI from the official description.
Microsoft Office Remote Code Execution Vulnerability
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C