Kaspersky LabKLA73472KLA73472 RCE vulnerability in Microsoft Office
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
20.2%
A remote code execution vulnerability was found in Microsoft Office. Malicious users can exploit this vulnerability to execute arbitrary code.
Original advisories
Related products
CVE list
CVE-2024-38016 critical
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update component usually can be accessed from the Control Panel) and updates from the Update Options section, that are listed in your Office Account (Office Account tab usually can be accessed from the File menu)
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Affected Products
- Microsoft Office 2019 for 32-bit editionsMicrosoft Office LTSC 2021 for 32-bit editionsMicrosoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft Visio 2016 (64-bit edition)Microsoft Office LTSC 2021 for 64-bit editionsMicrosoft 365 Apps for Enterprise for 64-bit SystemsMicrosoft Visio 2016 (32-bit edition)Microsoft Office 2019 for 64-bit editions
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
20.2%