6.8
CVSSv2

CVE-2021-31939

Published: 08/06/2021 Updated: 14/06/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft 365 apps -

microsoft excel 2013

microsoft excel 2016

microsoft office 2013

microsoft office 2016

microsoft office 2019

microsoft office online server -

microsoft office web apps server 2013

Recent Articles

Microsoft Office MSGraph vulnerability could lead to code execution
BleepingComputer • Ionut Ilascu • 01 Jan 1970

Microsoft today will release a patch for a vulnerability affecting the Microsoft Office MSGraph component, responsible for displaying graphics and charts, that could be exploited to execute code on a target machine.
Because the component can be embedded in most Office documents, an attacker can use it to deliver a malicious payload without the need for special functions.
Tracked as
, the security flaw is part of a larger set of security vulnerabilities that researchers at Chec...