CVE-2024-38189

Published: Aug 13, 2024Modified: Oct 28, 2025CISA KEV

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: secure@microsoft.com (Secondary)

Description

Microsoft Project Remote Code Execution Vulnerability

Affected (6)

Products: Microsoft: 365 Apps, Office 2019, Office Long Term Servicing Channel, Project 2016

4 products

Office Long Term Servicing Channel

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Microsoft 365 Apps	All versions
Microsoft Office 2019	All versions
Microsoft Office 2019	All versions
Microsoft Office Long Term Servicing Channel	Version 2021
Microsoft Office Long Term Servicing Channel	Version 2021
Microsoft Project 2016	Before 16.0.5461.1001

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38189

Source: secure@microsoft.com

PatchVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38189

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.