CVE-2021-24070

Published: Feb 25, 2021

Modified: Aug 3, 2024

PUBLISHED

CVSS v3.1

7.8

HIGH

Microsoft Excel Remote Code Execution Vulnerability

Vendor	Product	Versions
Microsoft	Microsoft Office Web Apps Server 2013 Service Pack 1	affected `15.0.1 - < publication`
Microsoft	Office Online Server	affected `https://aka.ms/OfficeSecurityReleases - < publication`
Microsoft	Microsoft Office 2019	affected `19.0.0 - < https://aka.ms/OfficeSecurityReleases`
Microsoft	Microsoft 365 Apps for Enterprise	affected `16.0.1 - < https://aka.ms/OfficeSecurityReleases`
Microsoft	Microsoft Excel 2016	affected `16.0.0.0 - < publication`
Microsoft	Microsoft Excel 2010 Service Pack 2	affected `13.0.0.0 - < publication`
Microsoft	Microsoft Excel 2013 Service Pack 1	affected `15.0.0.0 - < publication`

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.