CVE-2024-39804
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially crafted library can leverage PowerPoint's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
Existe una vulnerabilidad de inyección de librería en Microsoft PowerPoint 16.83 para macOS. Una librería especialmente manipulada puede aprovechar los privilegios de acceso de PowerPoint, lo que lleva a una omisión de permisos. Una aplicación malintencionada podría inyectar una librería e iniciar el programa para activar esta vulnerabilidad y luego hacer uso de los permisos de la aplicación vulnerable.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-08-05 CVE Reserved
- 2024-12-18 CVE Published
- 2024-12-20 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-347: Improper Verification of Cryptographic Signature
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2024-1974 | ||
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1974 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | PowerPoint Search vendor "Microsoft" for product "PowerPoint" | 16.83 Search vendor "Microsoft" for product "PowerPoint" and version "16.83" | en |
Affected
| ||||||