Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-43255 |
CWE-ID | CWE-451 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Microsoft Office Client/Desktop applications / Office applications Microsoft 365 Apps for Enterprise Client/Desktop applications / Other client software Microsoft Office LTSC 2021 Other software / Other software solutions |
Vendor | Microsoft |
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU58926
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-43255
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Microsoft Office Trust Center. A local attacker can spoof page content.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft Office: 2013 - 2019
Microsoft 365 Apps for Enterprise: 32-bit Systems - 64-bit Systems
Microsoft Office LTSC 2021: 32 bit editions - 64 bit editions
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43255
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?