| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2021-40486 | Microsoft Word Remote Code Execution Vulnerability | Microsoft Office 2019 | Critical | 26-10-2021 |
Technical Information
Brief overview of the risk:
A vulnerability in Microsoft Office which stems due to insufficient validation of existence of an object before performing operations on that object. User interaction is required to exploit this vulnerability. An attacker can trick users into visiting a malicious page or open a malicious file. On successful exploitation of this vulnerability an attacker can execute code in context of the logged in user.
Further information on this vulnerability is available at : CVE-2021-40486
Affected Software
Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Server 2019
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office Online Server
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)