Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-33150: Microsoft Office Security Feature Bypass Vulnerability

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

Exploitation of the vulnerability requires the victim to open a specially crafted file and click through Office Security Prompt(s). An attacker would have no way to force users to open the file.,

  • In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
  • In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.
Microsoft Security Response Center
#vulnerability#web#microsoft#Microsoft Office#Security Vulnerability

Microsoft Security Response Center: Latest News

CVE-2024-11395: Chromium: CVE-2024-11395 Type Confusion in V8