Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. What kind of security feature could be bypassed by successfully exploiting this vulnerability? Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode. Are the updates for the Microsoft Office LTSC and Microsoft 365 for Mac currently available? The security update for Microsoft Office LTSC for Mac 2021, 2024 and Microsoft 365 for Mac are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.
Ron Ben Yizhak with <a href="https://www.safebreach.com/">SafeBreach</a>