CVE-2024-41165

A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1977	Exploit Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1977	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:word:16.83:*:*:*:*:macos:*:*

History

22 Aug 2025, 21:35

Type	Values Removed	Values Added
CPE		cpe:2.3:a:microsoft:word:16.83:::::macos::
First Time		Microsoft Microsoft word
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2024-1977 -~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2024-1977 - Exploit, Third Party Advisory
References	~~() https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1977 -~~	() https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1977 - Exploit, Third Party Advisory
Summary		(es) Existe una vulnerabilidad de inyección de librería en Microsoft Word 16.83 para macOS. Una librería especialmente manipulada puede aprovechar los privilegios de acceso de Word, lo que lleva a una omisión de permisos. Una aplicación malintencionada podría inyectar una librería e iniciar el programa para activar esta vulnerabilidad y luego hacer uso de los permisos de la aplicación vulnerable.

18 Dec 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-18 23:15

Updated : 2025-08-22 21:35

NVD link : CVE-2024-41165

Mitre link : CVE-2024-41165

CVE.ORG link : CVE-2024-41165

JSON object : View

Products Affected

microsoft

word

CWE

CWE-347

Improper Verification of Cryptographic Signature

{"id": "CVE-2024-41165", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2024-12-18T23:15:08.300", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1977", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1977", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de librer\u00eda en Microsoft Word 16.83 para macOS. Una librer\u00eda especialmente manipulada puede aprovechar los privilegios de acceso de Word, lo que lleva a una omisi\u00f3n de permisos. Una aplicaci\u00f3n malintencionada podr\u00eda inyectar una librer\u00eda e iniciar el programa para activar esta vulnerabilidad y luego hacer uso de los permisos de la aplicaci\u00f3n vulnerable."}], "lastModified": "2025-08-22T21:35:17.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:word:16.83:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "A86B9B44-FC62-4299-9A1A-2D292E3E293F"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}