Microsoft Excel Library Injection Vulnerability on macOS
CVE-2024-43106 Published on December 18, 2024
A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
Vulnerability Analysis
CVE-2024-43106 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2024-43106. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Improper Verification of Cryptographic Signature
The software does not verify, or incorrectly verifies, the cryptographic signature for data.
Products Associated with CVE-2024-43106
Want to know whenever a new CVE is published for Microsoft Excel? stack.watch will email you.
Affected Versions
Microsoft Excel Version 16.83 for macOS is affected by CVE-2024-43106Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.