CVE-2024-41165

CVSS 7.1 · High EPSS 0.10% · P27 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-41165

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

密码学签名的验证不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

Microsoft Office 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Microsoft Office是美国微软（Microsoft）公司的一款办公软件套件产品。该产品常用组件包括Word、Excel、Access、Powerpoint、FrontPage等。 Microsoft Office 16.83版本存在安全漏洞，该漏洞源于在macOS版本中，特制的库可利用Word的访问权限，从而导致权限绕过。恶意应用程序可以注入库并启动程序以触发此漏洞。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Microsoft	Word	16.83 for macOS	-

II. Public POCs for CVE-2024-41165

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-41165

请登录查看更多情报信息。

Same Patch Batch · Microsoft · 2024-12-18 · 10 CVEs total

CVE-2024-43106	7.1 HIGH	Microsoft Office 安全漏洞
CVE-2024-42220	7.1 HIGH	Microsoft Office 安全漏洞
CVE-2024-42004	7.1 HIGH	Microsoft Teams 安全漏洞
CVE-2024-41159	7.1 HIGH	Microsoft Office 安全漏洞
CVE-2024-41145	7.1 HIGH	Microsoft Teams 安全漏洞
CVE-2024-41138	7.1 HIGH	Microsoft Teams 安全漏洞
CVE-2024-39804	7.1 HIGH	Microsoft Office PowerPoint 安全漏洞
CVE-2022-40733	5.0 MEDIUM	Microsoft win32kbase.sys 代码问题漏洞
CVE-2022-40732	5.0 MEDIUM	Microsoft win32kbase.sys 代码问题漏洞

IV. Related Vulnerabilities

Same product: Word

Same vendor: Microsoft

Same weakness: CWE-347

V. Comments for CVE-2024-41165

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-41165

I. Basic Information for CVE-2024-41165

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-41165

III. Intelligence Information for CVE-2024-41165

Same Patch Batch · Microsoft · 2024-12-18 · 10 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-41165

Leave a comment