The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities:
– A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-38650)
– A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-38646, CVE-2021-38655, CVE-2021-38658, CVE-2021-38659, CVE-2021-38660)
– An information disclosure vulnerability in the graphics component. An attacker can exploit this to disclose sensitive information. (CVE-2021-38657)Read More