CVE-2024-21413 - Microsoft Outlook Improper Input Validation Vulnerability

: Microsoft | Office Outlook

Date Added:
2025-02-06

Due Date:
2025-02-27

Vulnerability Name: Microsoft Outlook Improper Input Validation Vulnerability

Description: Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413 ; https://nvd.nist.gov/vuln/detail/CVE-2024-21413

Related News Articles

XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web ShellsFebruary 10, 2025

Critical RCE bug in Microsoft Outlook now exploited in attacksFebruary 7, 2025

Free online web security scanner

Don't show website scan report rating on the leaderboard