The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities:
– A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-28455, CVE-2021-31175, CVE-2021-31176, CVE-2021-31177, CVE-2021-31179, CVE-2021-31180)
– An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-31174, CVE-2021-31178)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.Read More