CVE-2021-43875: Microsoft Office Graphics Remote Code Execution Vulnerability
Overview
- Severity
- High (CVSS 7.8)
- CVSS Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
- Category
- Remote Code Execution
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2021-Dec
- Released
- 2021-12-14
- EPSS Score
- 0.69% (percentile: 71.9%)
FAQ
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
Affected Products (8)
Microsoft Office
- Microsoft Office 2019 for 32-bit editions
- Microsoft Office 2019 for 64-bit editions
- Microsoft Office 2019 for Mac
- Microsoft 365 Apps for Enterprise for 32-bit Systems
- Microsoft 365 Apps for Enterprise for 64-bit Systems
- Microsoft Office LTSC for Mac 2021
- Microsoft Office LTSC 2021 for 64-bit editions
- Microsoft Office LTSC 2021 for 32-bit editions
Security Updates (1)
Acknowledgments
<a href="https://twitter.com/soorajks">Sooraj KS</a> with <a href="https://www.sophos.com/">Sophos</a>, <a href="https://twitter.com/MajorTomSec">Thomas Bouzerar</a> from <a href="https://twitter.com/Synacktiv">Synacktiv</a> working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
Revision History
- 2021-12-14: Information published.