CVE-2022-34717
Published: 09 August 2022
Summary
CVE-2022-34717 is a high-severity vulnerability in Microsoft Office with an unspecified weakness type. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 6.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2022-34717 is a remote code execution vulnerability affecting Microsoft Office. It carries a CVSS 3.1 base score of 8.8 with a network attack vector, low attack complexity, no required privileges, and required user interaction, resulting in high impact to confidentiality, integrity, and availability.
An unauthenticated attacker can exploit the flaw over the network by supplying a specially crafted file or document that a user must open or preview, enabling arbitrary code execution in the context of the current user.
Microsoft security advisories at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34717 provide patch information and mitigation guidance for affected Office installations.
The associated EPSS score has remained flat at 0.1097 with no material increase observed after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-37666
Vulnerability details
Microsoft Office Remote Code Execution Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.