CVE-2024-38189
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-38189 is a newly disclosed vulnerability affecting Microsoft Project, a popular project management software. This remote code execution (RCE) issue allows attackers to execute arbitrary code on targeted systems, potentially leading to significant data loss or unauthorized access. Exploitation of this vulnerability occurs when Microsoft Project fails to properly validate user-supplied data, enabling remote attackers to inject malicious code. Microsoft has released a patch to address this issue, and users are strongly encouraged to apply it as soon as possible to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Microsoft Office
- Microsoft Project 2016
- Microsoft 365 Apps
- Microsoft Office 365
Affected Vendors
- Microsoft