CVE-2024-38226 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Microsoft Publisher Protection Mechanism Failure Vulnerability

Exploit added

September 10, 2024

Action due

October 1, 2024

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Microsoft Publisher Security Feature Bypass Vulnerability

CWE-ID	CWE Name
CWE-693	Protection Mechanism Failure

cpe:2.3:a:microsoft:publisher:2016::::::x64:
cpe:2.3:a:microsoft:publisher:2016::::::x86:
cpe:2.3:a:microsoft:office:2021::::ltsc::x64:*
cpe:2.3:a:microsoft:office:2021::::ltsc::x86:*
cpe:2.3:a:microsoft:office:2019:::::-:x86:*
cpe:2.3:a:microsoft:office:2019:::::-:x64:*
cpe:2.3:a:microsoft:office:2019::::click-to-run::x64:*
cpe:2.3:a:microsoft:office:2019::::click-to-run::x86:*
cpe:2.3:a:microsoft:office:2019::::::x64:
cpe:2.3:a:microsoft:office:2019::::::x86:

Source:
NVD

Published:
September 10, 2024

Updated:
September 12, 2024

Base score:
7.3

Severity:

HIGH

Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Not defined