Low
CVE-2024-49033
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2024-49033
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
Microsoft Word Security Feature Bypass Vulnerability
Add Assessment
Ratings
-
Attacker ValueLow
-
ExploitabilityLow
Technical Analysis
This is a 0-day vulnerability because Microsoft still can not do anything against this nonsense to input a VBS programming language into the Word program – macros options.
That they make verification of any VBS is not fixing the problem. In this case, the attacker can bypass this security view of Office 365 – Word, and the victim can easily open a malicious docx file that directly communicates with the attacker’s server. This won’t be nice for the target.
#NOTE: I will not upload any code, for security reasons! Sorry about that but you can find it, if you want :)! Best Regards to the Rapid7 team!
Demo of PoC [+]:
PoC
Best Regards to all.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportCVSS V3 Severity and Metrics
General Information
Vendors
- microsoft
Products
- 365 apps -,
- office 2019,
- office long term servicing channel 2021,
- office long term servicing channel 2024,
- word 2016
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Hey @nu11secur1ty, it’s not beneficial to the community to post a link to a PoC that directs to a personal platform you appear to be using for profit. We’ve spoken before about the need to share open information on AttackerKB — please either link to an open-source PoC or remove the link to the PoC on Patreon. We’ll give you 24 hours to fix this or else we will remove this assessment.