CVE-2024-20673

Published: Feb 13, 2024Modified: May 19, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: secure@microsoft.com (Secondary)

Description

Microsoft Office Remote Code Execution Vulnerability

Affected (9)

Products: Microsoft: Excel, Office, Office Long Term Servicing Channel, Powerpoint, Publisher, Skype For Business, Visio, Word

8 products

Office Long Term Servicing Channel

Skype For Business

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Microsoft Excel	Version 2016
Microsoft Office	Version 2016
Microsoft Office	Version 2019
Microsoft Office Long Term Servicing Channel	Version 2021
Microsoft Powerpoint	Version 2016
Microsoft Publisher	Version 2016
Microsoft Skype For Business	Version 2016
Microsoft Visio	Version 2016
Microsoft Word	Version 2016

Related CWEs

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References (2)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20673

Source: secure@microsoft.com

PatchVendor Advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20673

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.