Skip to main content

Office 2019 CVE-2024-38226

HIGH
Protection Mechanism Failure (CWE-693)
2024-09-10 secure@microsoft.com
7.3
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
7.3 HIGH
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Primary rating from Vendor (microsoft) · only source for this CVE.

CVSS VectorVendor: microsoft

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Added to CISA KEV
Jul 14, 2026 - 04:22 CISA
CVE Published
Sep 10, 2024 - 17:15 cve.org
HIGH 7.3

DescriptionCVE.org

Microsoft Publisher Security Feature Bypass Vulnerability

AnalysisAI

Microsoft Publisher Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-693. Affected products include: Microsoft Office 2019, Microsoft Office Long Term Servicing Channel, Microsoft Publisher.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-21413 CRITICAL POC
9.8 Feb 13

Microsoft Outlook Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotel

CVE-2026-45475 HIGH
7.8 Jun 09

Local code execution in Microsoft Office is possible through a heap-based buffer overflow (CWE-122) that an unauthentica

CVE-2026-45471 HIGH
7.8 Jun 09

Local code execution in Microsoft Office Word enables an attacker to run arbitrary code in the context of the current us

CVE-2026-44824 HIGH
7.8 Jun 09

Local code execution in Microsoft Office is possible through a heap-based buffer overflow (CWE-122) that triggers when a

CVE-2026-44819 HIGH
7.8 Jun 09

Local code execution in Microsoft Office is possible when a user opens a maliciously crafted document that triggers a he

CVE-2024-38189 HIGH
8.8 Aug 13

Microsoft Project Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely ex

CVE-2026-45456 HIGH
8.4 Jun 09

Local code execution in Microsoft Office stems from a type confusion (CWE-843) flaw that allows an unauthenticated attac

CVE-2026-45463 HIGH
8.4 Jun 09

Local code execution in Microsoft Office is possible via a heap-based buffer overflow that an unauthorized attacker can

CVE-2026-45474 HIGH
8.4 Jun 09

Local code execution in Microsoft Office is possible through a heap-based buffer overflow that an unauthorized attacker

CVE-2026-45472 HIGH
8.4 Jun 09

Local code execution in Microsoft Office via a heap-based buffer overflow allows an unauthorized attacker to run arbitra

CVE-2026-45461 HIGH
8.4 Jun 09

Local code execution in Microsoft Office via a heap-based buffer overflow that lets an unauthorized attacker run arbitra

CVE-2026-45458 HIGH
8.4 Jun 09

Local code execution in Microsoft Office via a type confusion flaw (CWE-416) permits unauthorized attackers to run arbit

Share

CVE-2024-38226 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy