CVE-2022-21842
Published: 11 January 2022
Summary
CVE-2022-21842 is a high-severity vulnerability in Microsoft Word; the underlying weakness type (CWE) has not been specified. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 11.4% of CVEs by estimated exploit likelihood (EPSS percentile); it is not currently listed in the CISA KEV catalog.
Deeper analysis
Microsoft Word contains a remote code execution vulnerability tracked as CVE-2022-21842. The flaw affects the Microsoft Word application and carries a CVSS 3.1 base score of 7.8, reflecting a local attack vector, low attack complexity, no required privileges and required user interaction, with high impact to confidentiality, integrity and availability. Note that "remote code execution" is Microsoft's title for the bug class; the CVSS attack vector is Local because the attacker's payload is a file that must be opened on the target host, not a network-reachable service.
An attacker exploits the issue by supplying a specially crafted document that a victim opens in Microsoft Word, typically delivered by e-mail or a download link. Successful exploitation lets the attacker execute arbitrary code with the privileges of the user who opened the document, so the blast radius is bounded by that account: its files, cached credentials and any system or network resources reachable from it.
Microsoft's MSRC advisory for this CVE describes the vulnerability and directs administrators to apply the patch released through the standard Microsoft Update channels.
The associated EPSS score rose from low values at disclosure to a peak of 0.1804 on 2025-01-22 before receding to the current 0.0395, indicating that exploitation interest increased well after the initial publication. Absence from the KEV catalog therefore should not be read as absence of exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-26998
Vulnerability details
Microsoft Word Remote Code Execution Vulnerability
- CWE(s): none listed
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.