Cyber Resilience

CVE-2022-34717

High

Published: 09 August 2022

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.1097 (93.6th percentile)
Risk Priority: 24 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-34717 is a high-severity vulnerability in Microsoft Office with an unspecified weakness type. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 6.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2022-34717 is a remote code execution vulnerability affecting Microsoft Office. It carries a CVSS 3.1 base score of 8.8 with a network attack vector, low attack complexity, no required privileges, and required user interaction, resulting in high impact to confidentiality, integrity, and availability.

An unauthenticated attacker can exploit the flaw over the network by supplying a specially crafted file or document that a user must open or preview, enabling arbitrary code execution in the context of the current user.

Microsoft security advisories at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34717 provide patch information and mitigation guidance for affected Office installations.

The associated EPSS score has remained flat at 0.1097 with no material increase observed after disclosure.

Vulnerability details

Microsoft Office Remote Code Execution Vulnerability

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft, 365 apps: all versions
microsoft, office: 2013, 2016, 2019
microsoft, office long term servicing channel: 2021

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.