CVE-2021-27059

Microsoft Office Remote Code Execution Vulnerability

CVSS 7.6 HIGHEPSS 3.2%● KEV

In short

A flaw in Microsoft Office allows attackers to run malicious code on your computer by tricking you into opening a specially crafted Office document. This is dangerous because it gives attackers complete control of your system.

Technical detail

Remote code execution vulnerability in Microsoft Office triggered via a malicious document file. The attack vector requires user interaction (opening/previewing a crafted file), but upon exploitation, arbitrary code executes with the privileges of the Office application process. This enables full system compromise depending on user privilege level.

Summary generated and translated by AI from the official description.

Microsoft Office Remote Code Execution Vulnerability

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

Affected products

Microsoft · Microsoft Office 2010 Service Pack 2 Microsoft · Microsoft Office 2013 Service Pack 1 Microsoft · Microsoft Office 2016

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27059 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27059