Skip to main content

365 Copilot CVE-2021-43905

CRITICAL
2021-12-15 secure@microsoft.com
9.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.6 CRITICAL
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 15, 2021 - 15:15 nvd
CRITICAL 9.6

DescriptionNVD

Microsoft Office app Remote Code Execution Vulnerability

AnalysisAI

Microsoft Office app Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

Affected products include: Microsoft 365 Copilot.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-32711 CRITICAL POC
9.3 Jun 11

CVE-2025-32711 is an AI command injection vulnerability in Microsoft 365 Copilot that enables unauthenticated network-ba

CVE-2026-24307 CRITICAL
9.3 Jan 22

M365 Copilot has an input validation vulnerability allowing unauthorized attackers to extract sensitive information thro

CVE-2026-47645 HIGH
8.8 Jun 19

Privilege elevation in Microsoft 365 Copilot's Business Chat is possible when an attacker abuses an open redirect (CWE-6

CVE-2026-45463 HIGH
8.4 Jun 09

Local code execution in Microsoft Office is possible via a heap-based buffer overflow that an unauthorized attacker can

CVE-2026-45474 HIGH
8.4 Jun 09

Local code execution in Microsoft Office is possible through a heap-based buffer overflow that an unauthorized attacker

CVE-2026-45472 HIGH
8.4 Jun 09

Local code execution in Microsoft Office via a heap-based buffer overflow allows an unauthorized attacker to run arbitra

CVE-2026-45461 HIGH
8.4 Jun 09

Local code execution in Microsoft Office via a heap-based buffer overflow that lets an unauthorized attacker run arbitra

CVE-2026-42895 HIGH
7.5 Jun 19

Command injection in Microsoft 365 Copilot lets a remote, unauthenticated attacker tamper with data and integrity over t

CVE-2026-24299 MEDIUM
5.3 Mar 19

M365 Copilot is vulnerable to command injection that enables unauthenticated remote attackers to extract sensitive infor

CVE-2026-45460 MEDIUM
4.7 Jun 09

Out-of-bounds read (buffer over-read) in Microsoft Office exposes sensitive memory contents to a local attacker who can

Share

CVE-2021-43905 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy