CVE-2021-40486: Microsoft Office Word Converter Use-After-Free Remote Code Execution Vulnerability
First published: Tue Oct 12 2021(Updated: )
Microsoft Word Remote Code Execution Vulnerability
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office 2019 for 32-bit editions | ||
| Microsoft Office 2019 for 64-bit editions | ||
| Microsoft SharePoint Server 2019 | ||
| Microsoft Office Online Server | ||
| Microsoft SharePoint Enterprise Server 2013 | ||
| Microsoft Word 2013 | ||
| Microsoft Word 2013 | ||
| Microsoft Word 2013 RT | ||
| Microsoft Office Web Apps Server 2013 | ||
| Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft Word 2016 | ||
| Microsoft Word 2016 | ||
| Microsoft Office | =2019 | |
| Microsoft Office Online Server | ||
| Microsoft Office Web Apps Server | =2013-sp1 | |
| Microsoft SharePoint Enterprise Server | =2013-sp1 | |
| Microsoft SharePoint Enterprise Server | =2016 | |
| Microsoft SharePoint Server | =2019 | |
| Microsoft Word | =2013-sp1 | |
| Microsoft Word | =2013-sp1 | |
| Microsoft Word | =2016 | |
| Microsoft Office |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-40486?
CVE-2021-40486 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Microsoft Office.
How severe is CVE-2021-40486?
CVE-2021-40486 has a severity rating of 7.8, which is considered critical.
How can this vulnerability be exploited?
To exploit CVE-2021-40486, user interaction is required in the form of visiting a malicious page or opening a malicious file.
Which products are affected by CVE-2021-40486?
Microsoft Office, Microsoft Word 2013, Microsoft Word 2016, Microsoft SharePoint Enterprise Server 2013, Microsoft Office Web Apps Server 2013, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Online Server, Microsoft Word 2013 RT, Microsoft Office 2019 for 32-bit editions, Microsoft SharePoint Server 2019, and Microsoft Office 2019 for 64-bit editions are affected by CVE-2021-40486.
How can I fix CVE-2021-40486?
To fix CVE-2021-40486, you should apply the relevant patches or updates provided by Microsoft for the affected products.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/mitre-cve
- source/MITRE
- collector/msrc-cve
- source/Microsoft
- agent/software-canonical-lookup
- collector/nvd-api
- collector/nvd-index
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-21-1158
- alias/ZDI-CAN-14203
- alias/CVE-2021-40486
- vendor/microsoft
- canonical/microsoft office 2019 for 32-bit editions
- canonical/microsoft office 2019 for 64-bit editions
- canonical/microsoft sharepoint server 2019
- canonical/microsoft office online server
- canonical/microsoft sharepoint enterprise server 2013
- canonical/microsoft word 2013
- canonical/microsoft word 2013 rt
- canonical/microsoft office web apps server 2013
- canonical/microsoft sharepoint enterprise server 2016
- canonical/microsoft word 2016
- canonical/microsoft office
- version/microsoft office/2019
- canonical/microsoft office web apps server
- version/microsoft office web apps server/2013-sp1
- canonical/microsoft sharepoint enterprise server
- version/microsoft sharepoint enterprise server/2013-sp1
- version/microsoft sharepoint enterprise server/2016
- canonical/microsoft sharepoint server
- version/microsoft sharepoint server/2019
- canonical/microsoft word
- version/microsoft word/2013-sp1
- version/microsoft word/2016