CVE-2024-21402: Microsoft Outlook Elevation of Privilege Vulnerability

Overview

Severity: High (CVSS 7.1)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Category: Elevation of Privilege
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2024-Feb
Released: 2024-02-13
EPSS Score: 0.45% (percentile: 63.8%)

FAQ

According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) and major loss of integrity (I:H) but have no effect on availability (A:N). What does that mean for this vulnerability?

Exploiting this vulnerability could allow an attacker to disclose files and modify data, but the attacker cannot impact the availability of the files.

What privileges could be gained by an attacker who successfully exploited the vulnerability?

The attacker would gain the rights of the user that is running the affected application.

Affected Products (2)

Microsoft Office

  • Microsoft 365 Apps for Enterprise for 32-bit Systems
  • Microsoft 365 Apps for Enterprise for 64-bit Systems

Acknowledgments

Aaron Erlandson, Trevor Harris, Jeff Klouda and Maggie Li

Revision History

  • 2024-02-13: Information published.