The vulnerability of Microsoft Office Web Apps Server, Microsoft Office, Office Online Server, and Microsoft Excel stems from improper code generation management, allowing attackers to execute arbitrary code.

🗓️ 24 May 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

Vulnerability in Microsoft Office Web Apps Server and Office Online Server due to improper code generation enabling arbitrary code execution.

Reporter	Title	Published	Views	Family All 30
Circl	CVE-2021-31179	8 Jun 202115:15	–	circl
CNNVD	Microsoft Office 代码注入漏洞	11 May 202100:00	–	cnnvd
CVE	CVE-2021-31179	11 May 202119:11	–	cve
Cvelist	CVE-2021-31179 Microsoft Office Remote Code Execution Vulnerability	11 May 202119:11	–	cvelist
EUVD	EUVD-2021-18092	7 Oct 202500:30	–	euvd
Microsoft KB	Description of the security update for Office Online Server: May 11, 2021 (KB5001914)	11 May 202107:00	–	mskb
Microsoft KB	Description of the security update for Excel 2016: May 11, 2021 (KB5001918)	11 May 202107:00	–	mskb
Microsoft KB	Description of the security update for Office 2016: May 11, 2021 (KB5001923)	11 May 202107:00	–	mskb
Microsoft KB	Description of the security update for Office 2013: May 11, 2021 (KB5001927)	11 May 202107:00	–	mskb
Microsoft KB	Description of the security update for Office Web Apps Server 2013: May 11, 2021 (KB5001928)	11 May 202107:00	–	mskb

Source	Link
msrc	www.msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31179
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-31179
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2021051110
web	www.web.nvd.nist.gov/view/vuln/detail

24 May 2021 00:00Current

7.9High risk

Vulners AI Score7.9

CVSS 26.9

CVSS 37.8

EPSS0.13494

office web apps server office online server improper code generation arbitrary code execution security vulnerability