CVE-2022-41060

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-41060
Microsoft Word Information Disclosure Vulnerability

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41060
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:*
cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*
cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*
History

10 Mar 2023, 18:15

Type Values Removed Values Added
Summary Microsoft Word Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41103. Microsoft Word Information Disclosure Vulnerability
References
  • {'url': 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41060', 'name': 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41060', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'MISC'}
  • (MISC) https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41060 -

15 Nov 2022, 16:19

Type Values Removed Values Added
CPE cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*
cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*
cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:*
cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*
References (MISC) https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41060 - (MISC) https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41060 - Patch, Vendor Advisory
CWE NVD-CWE-noinfo
First Time Microsoft sharepoint Enterprise Server
Microsoft office Online Server
Microsoft office Web Apps Server
Microsoft 365 Apps
Microsoft office
Microsoft sharepoint Server
Microsoft word
Microsoft

10 Nov 2022, 00:33

Type Values Removed Values Added
New CVE
Information

Published : 2022-11-09 22:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-41060

Mitre link : CVE-2022-41060

CVE.ORG link : CVE-2022-41060

JSON object : View

Products Affected

microsoft

  • office
  • office_online_server
  • office_web_apps_server
  • sharepoint_server
  • word
  • sharepoint_enterprise_server
  • 365_apps
CWE
NVD-CWE-noinfo