CVE-2021-42292

ENISA EUVD: EUVD-2021-29267 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 3 articles Published: 2021-11-10

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

35.49%

probability

This CVE has a 35.49% probability of being exploited in the next 30 days.

0% Top 97.1th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.8

HIGH

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Temporal

Exploit Code Maturity

Proof-of-Concept

Remediation Level

Official Fix

Report Confidence

Confirmed

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CVSS v2 (legacy)

6.8

MEDIUM

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

NVD

Microsoft Excel Security Feature Bypass Vulnerability

Affected Products

Microsoft

Microsoft Office 2019

19.0.0

Microsoft

Microsoft Office 2019 for Mac

16.0.0

Microsoft

Microsoft 365 Apps for Enterprise

16.0.1

Microsoft

Microsoft Office LTSC for Mac 2021

16.0.1

Microsoft

Microsoft Office LTSC 2021

16.0.1

microsoft

365 apps

microsoft

excel

microsoft

office

microsoft

office long term servicing channel

Microsoft

Microsoft Office 2019 for Mac

16.0.0 <16.55.21111400

Microsoft

Microsoft Excel 2013 Service Pack 1

15.0.0.0 <15.0.5397.1001

Microsoft

Microsoft Excel 2016

16.0.0.0 <16.0.5239.1001

Microsoft

Microsoft Office LTSC 2021

16.0.1 <https://aka.ms/OfficeSecurityReleases

Microsoft

Microsoft Office LTSC for Mac 2021

16.0.1 <16.55.21111400

Microsoft

Microsoft Office 2016

16.0.0 <16.0.5239.1001

Microsoft

Microsoft Office 2019

19.0.0 <https://aka.ms/OfficeSecurityReleases

Microsoft

Microsoft 365 Apps for Enterprise

16.0.1 <https://aka.ms/OfficeSecurityReleases

Microsoft

Microsoft Office 2013 Service Pack 1

15.0.0 <15.0.5397.1001

Google Project Zero

Patched

Nov. 9, 2021

Reported by

Microsoft Threat Intelligence Center (MSTIC)

Root Cause Analysis

???

Exploits & PoC

corelight/CVE-2021-42292

A Zeek package to detect CVE-2021-42292, a Microsoft Excel local privilege escalation exploit.

18 2021-11-11

1 repo — triés par ⭐ Rechercher sur GitHub ↗

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42292

x_refsource_MISC

Signal Intelligence

Confidenceⓘ

95%

EPSS 35.49%

CVSS v3.1 7.8

Mentions 3

Last Seen Nov 11, 2021

CNA Information

CNA Assigner

microsoft

CNA Title

Microsoft Excel Security Feature Bypass Vulnerability

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Threat Actors 2

APT 29

apt_group Information theft and espionage 🇷🇺 RU

Kimsuky

apt_group Information theft and espionage 🇰🇷 KR

Triage Info

Decided atMar 05, 2026

Published DateNov 10, 2021