CVE-2024-20677

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 9, 2024
Updated: May 29, 2024
CWE ID 122

Summary

CVE-2024-20677 is a newly discovered vulnerability affecting FBX files in Microsoft Office. This issue could potentially enable remote code execution. In response, Microsoft has disabled the feature to insert FBX files in Word, Excel, PowerPoint, Outlook for Windows and Mac, affecting Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. Previously inserted 3D models from FBX files will continue to function, but the Link to File option is no longer supported. This change was implemented as part of the January 9, 2024 security update.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Office
  • Microsoft 365 Apps
  • Microsoft Office 365

Affected Vendors

  • Microsoft