The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities:
– A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-43256, CVE-2021-43875)
– An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2021-42293)
– A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-43255)
– An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-42295)Read More