CVE-2022-29107
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published May 10, 2022
Updated: Jan 2, 2025
Summary
CVE-2022-29107 is a Microsoft Office security feature bypass vulnerability. Malicious documents can exploit this weakness to execute arbitrary code on a victim's system, gaining unauthorized access. The issue lies in the way Microsoft Office handles Object Linking and Embedding (OLE) objects, enabling attackers to bypass security restrictions. Successful exploitation could lead to significant data loss or system compromise. Microsoft strongly advises users to apply the available patch to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Microsoft Office
- Microsoft Office Word
- Microsoft Office Publisher
- Microsoft 365 Apps
Affected Vendors
- Microsoft