#Security Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?** Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.

**How could an attacker exploit this vulnerability?** An unauthenticated attacker could exploit this vulnerability by crafting a malicious RTF file. If a user opens the file or it is rendered in the preview pane, the attacker could execute arbitrary code in the user's context.

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Secure Boot.

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.

Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.