CVE-2024-38226

Microsoft Publisher Security Feature Bypass Vulnerability

CVSS 7.3 HIGHEPSS 2.7%● KEVCWE-693

In short

Microsoft Publisher allows attackers to bypass security protections that normally prevent malicious documents from running. This means a specially crafted file could execute harmful code when opened by a user.

Technical detail

A security feature bypass in Microsoft Publisher (CWE-693) permits threat actors to circumvent protective mechanisms through a specially crafted document file. The attack requires user interaction (document opening) and could result in arbitrary code execution with the privileges of the affected user.

Summary generated and translated by AI from the official description.

Microsoft Publisher Security Feature Bypass Vulnerability

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Affected products

Microsoft · Microsoft Office 2019 Microsoft · Microsoft Office LTSC 2021 Microsoft · Microsoft Publisher 2016

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38226