CVE-2024-21413

Published: Feb 13, 2024Modified: Oct 28, 2025CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: secure@microsoft.com (Secondary)

Description

Microsoft Outlook Remote Code Execution Vulnerability

Affected (6)

Products: Microsoft: 365 Apps, Office 2016, Office 2019, Office Long Term Servicing Channel

4 products

Office Long Term Servicing Channel

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Microsoft 365 Apps	All versions
Microsoft Office 2016	All versions
Microsoft Office 2016	All versions
Microsoft Office 2019	All versions
Microsoft Office 2019	All versions
Microsoft Office Long Term Servicing Channel	Version 2021

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413

Source: secure@microsoft.com

PatchVendor Advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/

Source: af854a3a-2127-422b-91ae-364da2661108

Technical Description

https://www.vicarius.io/vsociety/posts/cve-2024-21413-critical-monikerlink-vulnerability-affecting-microsoft-outlook-detection-script

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://www.vicarius.io/vsociety/posts/cve-2024-21413-critical-monikerlink-vulnerability-affecting-microsoft-outlook-mitigation-script

Source: af854a3a-2127-422b-91ae-364da2661108

Mitigation

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21413

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.