Office 2019
CVE-2024-38226
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary rating from Vendor (microsoft) · only source for this CVE.
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Microsoft Publisher Security Feature Bypass Vulnerability
AnalysisAI
Microsoft Publisher Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-693. Affected products include: Microsoft Office 2019, Microsoft Office Long Term Servicing Channel, Microsoft Publisher.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Office 2019
View allMicrosoft Outlook Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotel
Local code execution in Microsoft Office is possible through a heap-based buffer overflow (CWE-122) that an unauthentica
Local code execution in Microsoft Office Word enables an attacker to run arbitrary code in the context of the current us
Local code execution in Microsoft Office is possible through a heap-based buffer overflow (CWE-122) that triggers when a
Local code execution in Microsoft Office is possible when a user opens a maliciously crafted document that triggers a he
Microsoft Project Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely ex
Local code execution in Microsoft Office stems from a type confusion (CWE-843) flaw that allows an unauthenticated attac
Local code execution in Microsoft Office is possible via a heap-based buffer overflow that an unauthorized attacker can
Local code execution in Microsoft Office is possible through a heap-based buffer overflow that an unauthorized attacker
Local code execution in Microsoft Office via a heap-based buffer overflow allows an unauthorized attacker to run arbitra
Local code execution in Microsoft Office via a heap-based buffer overflow that lets an unauthorized attacker run arbitra
Local code execution in Microsoft Office via a type confusion flaw (CWE-416) permits unauthorized attackers to run arbit
Same weakness CWE-693 – Protection Mechanism Failure
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today