Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HMicrosoft Office
APPMicrosoft2007201020132016Microsoft Windows 7
OSMicrosoftwszystkie wersjeMicrosoft Windows Server 2008
OSMicrosoftr2Microsoft Windows Server 2012
OSMicrosoftwszystkie wersjeMicrosoft Windows Vista
OSMicrosoftwszystkie wersjePhilips Intellispace Portal
APPPhilips7.08.0
CISA KEV — detailsi
- Vendori
- Microsoft ↗
- Producti
- Office and WordPad
- Added to KEVi
- November 3, 2021
- Remediation deadline (US Federal)i
- May 3, 2022(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply updates per vendor instructions.
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution.
Related vulnerabilities
RCE w Windows Server Update Service (WSUS) — deserializacja danych
Microsoft Outlook Elevation of Privilege Vulnerability
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly val...
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly ...
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properl...