CVE-2024-43600

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 12, 2024
CWE ID 284

Summary

CVE-2024-43600 is an elevation of privilege vulnerability affecting Microsoft Office. Hackers can exploit this flaw to gain elevated permissions on a victim's system, potentially allowing them to install malware or steal sensitive information. This vulnerability exists due to a flaw in the way Microsoft Office handles certain file formats. Successful exploitation requires user interaction, such as opening a specially crafted file. Microsoft has released a patch to address this issue, and users are strongly encouraged to apply it as soon as possible. Failure to do so may leave systems vulnerable to attack.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Office

Affected Vendors

  • Microsoft