CVE-2021-28451

Published: Apr 13, 2021

Modified: Aug 3, 2024

PUBLISHED

CVSS v3.1

7.8

HIGH

Microsoft Excel Remote Code Execution Vulnerability

Vendor	Product	Versions
Microsoft	Microsoft Office 2019	affected `19.0.0 - < https://aka.ms/OfficeSecurityReleases`
Microsoft	Microsoft Office 2019 for Mac	affected `16.0.0 - < publication`
Microsoft	Microsoft Office Online Server	affected `16.0.1 - < publication`
Microsoft	Microsoft 365 Apps for Enterprise	affected `16.0.1 - < https://aka.ms/OfficeSecurityReleases`
Microsoft	Microsoft Excel 2016	affected `16.0.0.0 - < publication`
Microsoft	Microsoft Excel 2013 Service Pack 1	affected `15.0.0.0 - < publication`
Microsoft	Microsoft Office Web Apps Server 2013 Service Pack 1	affected `15.0.1 - < publication`

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.