CVE-2024-43106

Published: Dec 18, 2024Modified: Aug 22, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

Affected (1)

Products: Microsoft: Excel

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Excel	Version 16.83

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (3)

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1976

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1976

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1976

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.