gsd - gsd-2021-31177

gsd-2021-31177

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31176, CVE-2021-31179.

Aliases

CVE-2021-31177

Aliases

CVE-2021-31177

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-31177",
    "description": "Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31176, CVE-2021-31179.",
    "id": "GSD-2021-31177"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-31177"
      ],
      "details": "Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31176, CVE-2021-31179.",
      "id": "GSD-2021-31177",
      "modified": "2023-12-13T01:23:13.232978Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2021-31177",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Office 2019",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "19.0.0",
                          "version_value": "https://aka.ms/OfficeSecurityReleases"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Office 2019 for Mac",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Office Online Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.0.1",
                          "version_value": "16.0.10374.20000"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft 365 Apps for Enterprise",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.0.1",
                          "version_value": "https://aka.ms/OfficeSecurityReleases"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Excel 2016",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.0.0.0",
                          "version_value": "16.0.5161.1000"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Excel 2013 Service Pack 1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.0.0.0",
                          "version_value": "15.0.5345.1000"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Office Web Apps Server 2013 Service Pack 1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.0.1",
                          "version_value": "15.0.5345.1000"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Office Remote Code Execution Vulnerability"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31177",
            "refsource": "MISC",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31177"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-576/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-576/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
                    "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
                    "matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
                    "matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
                    "matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
                    "matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*",
                    "matchCriteriaId": "F7DDFFB8-2337-4DD7-8120-56CC8EF134B4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:-:*:*",
                    "matchCriteriaId": "384D4B06-BC7D-45E3-83B2-9A661985715F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*",
                    "matchCriteriaId": "C5282C83-86B8-442D-851D-B54E88E8B1F1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E98AE986-FA31-4301-8025-E8915BA4AC5E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",
                    "matchCriteriaId": "941B16A2-931D-4031-A016-5EA60E87BE20",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*",
                    "matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",
                    "matchCriteriaId": "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Microsoft Office Remote Code Execution Vulnerability"
          },
          {
            "lang": "es",
            "value": "Una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota de Microsoft Office. Este ID de CVE es diferente de CVE-2021-31175, CVE-2021-31176, CVE-2021-31179"
          }
        ],
        "id": "CVE-2021-31177",
        "lastModified": "2023-12-29T00:15:48.423",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 8.6,
              "impactScore": 6.4,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": true
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "secure@microsoft.com",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Secondary"
            }
          ]
        },
        "published": "2021-05-11T19:15:09.703",
        "references": [
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31177"
          },
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-576/"
          }
        ],
        "sourceIdentifier": "secure@microsoft.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-416"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

cve-2021-31177

Vulnerability from cvelistv5

Published

2021-05-11 19:11

Modified

2024-08-03 22:55

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft Office Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31177	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-21-576/	x_refsource_MISC

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft Office 2019
	Microsoft	Microsoft Office 2019 for Mac
	Microsoft	Microsoft Office Online Server
	Microsoft	Microsoft 365 Apps for Enterprise
	Microsoft	Microsoft Excel 2016
	Microsoft	Microsoft Excel 2013 Service Pack 1
	Microsoft	Microsoft Office Web Apps Server 2013 Service Pack 1

Show details on NVD website