PT-2024-2255 · Microsoft · Office

Iván Almuiña

Published

2024-02-06

Updated

2024-12-06

CVE-2024-26199

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Microsoft Office (affected versions not specified)

Description The issue is related to the incorrect handling of symbolic links by the Office Performance Monitor executable in Microsoft Office, which can be exploited by creating a specially crafted symbolic link. This can allow an attacker to escalate their privileges. The vulnerability can be exploited by local attackers to gain elevated privileges on affected systems.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

BDU:2024-02188

CVE-2024-26199

ZDI-24-294

Affected Products

Office

PT-2024-2255 · Microsoft · Office

CVE-2024-26199

Weakness Enumeration

Related Identifiers

Affected Products

References · 9