Main Vulnerability Database Vulnerabilities #VU88377

Double Free in Microsoft Office LTSC and Microsoft 365 Apps for Enterprise - CVE-2024-26257

Published: April 10, 2024

Vulnerability identifier: #VU88377

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2024-26257

CWE-ID: CWE-415

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Microsoft Office LTSC
Microsoft 365 Apps for Enterprise

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Microsoft Excel. A remote attacker can trick a victim to open a specially crafted file, trigger double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2024-26257

Install updates from vendor's website.

Sources

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26257

Double Free in Microsoft Office LTSC and Microsoft 365 Apps for Enterprise - CVE-2024-26257

Detailed vulnerability description

How to mitigate CVE-2024-26257

Sources

Please verify you're human