Input validation error in Microsoft products - CVE-2022-41061
Published: November 8, 2022
Vulnerability identifier: #VU69085
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-41061
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Office Online Server
Microsoft Word
Microsoft Office for macOS
Microsoft Office
Microsoft 365 Apps for Enterprise
Microsoft SharePoint Server
Microsoft Office Web Apps Server
SharePoint Server Subscription Edition Language Pack
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Enterprise Server
Office Online Server
Microsoft Word
Microsoft Office for macOS
Microsoft Office
Microsoft 365 Apps for Enterprise
Microsoft SharePoint Server
Microsoft Office Web Apps Server
SharePoint Server Subscription Edition Language Pack
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Enterprise Server
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft Word. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
Remediation
Install updates from vendor's website.