Vulnerability Details CVE-2024-21413
Microsoft Outlook Remote Code Execution Vulnerability
Exploit prediction scoring system (EPSS) score
EPSS Score 0.937
EPSS Ranking 99.8%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.
Ransomware Campaign
Unknown
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413
- https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/
- https://www.vicarius.io/vsociety/posts/cve-2024-21413-critical-monikerlink-vulnerability-affecting-microsoft-outlook-detection-script
- https://www.vicarius.io/vsociety/posts/cve-2024-21413-critical-monikerlink-vulnerability-affecting-microsoft-outlook-mitigation-script
Products affected by CVE-2024-21413
-
cpe:2.3:a:microsoft:365_apps:-
-
cpe:2.3:a:microsoft:office:2016
-
cpe:2.3:a:microsoft:office:2019
-
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021