Information disclosure in Microsoft Office LTSC 2021 and Microsoft Office

#VU68154 Information disclosure in Microsoft Office LTSC 2021 and Microsoft Office

Published: 2022-10-11

Vulnerability identifier: #VU68154

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-41043

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Microsoft Office LTSC 2021
Other software / Other software solutions
Microsoft Office
Client/Desktop applications / Office applications

Vendor: Microsoft

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the Microsoft Office. A local user can gain unauthorized access to sensitive information on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Microsoft Office LTSC 2021: 2021 for Mac

Microsoft Office: 2019 for Mac

CPE

cpe:2.3:a:microsoft:microsoft_office_ltsc_2021:2021:for Mac:*:*:*:*:*:*

External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41043

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Multiple vulnerabilities in Microsoft Office