CVE-2024-49065

Published: Dec 10, 2024

Modified: May 13, 2025

PUBLISHED

CVSS v3.1

5.5

MEDIUM

Microsoft Office Remote Code Execution Vulnerability

Vendor	Product	Versions
Microsoft	Microsoft SharePoint Enterprise Server 2016	affected `16.0.0 - < 16.0.5478.1000`
Microsoft	Microsoft SharePoint Server 2019	affected `16.0.0 - < 16.0.10416.20026`
Microsoft	Microsoft Office 2019	affected `19.0.0 - < https://aka.ms/OfficeSecurityReleases`
Microsoft	Microsoft 365 Apps for Enterprise	affected `16.0.1 - < https://aka.ms/OfficeSecurityReleases`
Microsoft	Microsoft Office LTSC for Mac 2021	affected `16.0.1 - < 16.92.24120731`
Microsoft	Microsoft Office LTSC 2021	affected `16.0.1 - < https://aka.ms/OfficeSecurityReleases`
Microsoft	Microsoft Office LTSC 2024	affected `1.0.0 - < https://aka.ms/OfficeSecurityReleases`
Microsoft	Microsoft Office LTSC for Mac 2024	affected `1.0.0 - < 16.92.24120731`
Microsoft	Microsoft Word 2016	affected `16.0.1 - < 16.0.5478.1000`

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.