Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws
Briefly

"Exploitation of both CVE-2024-38226 and CVE-2024-38217 can lead to the bypass of important security features that block Microsoft Office macros from running," said Satnam Narang, senior staff research engineer at Tenable.
"In both cases, the target needs to be convinced to open a specially crafted file from an attacker-controlled server. Where they differ is that an attacker would need local access to exploit CVE-2024-38226," Narang added.
CVE-2024-43491, rated 9.8, is particularly concerning as it parallels a downgrade attack, as outlined by cybersecurity firm SafeBreach in early September.
CVE-2024-38217, also known as LNK Stomping, has been exploited in the wild since February 2018, as disclosed by Elastic Security Labs.
Read at The Hacker News