CVE-2024-38189
ENISA EUVD: EUVD-2024-37158 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 3, 2026
3 articles
Published: 2024-08-13
EPSS Score
Source: FIRST.org · 2026-05-23
43.66%
probability
This CVE has a 43.66% probability
of being exploited in the next 30 days.
0%
Top 97.6th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)8.8
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Temporal
Exploit Code Maturity
Functional
Remediation Level
Official Fix
Report Confidence
Confirmed
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Description
NVDMicrosoft Project Remote Code Execution Vulnerability
Affected Products
Microsoft
Microsoft Office 2019
19.0.0
Microsoft
Microsoft 365 Apps for Enterprise
16.0.1
Microsoft
Microsoft Project 2016
16.0.0.0
Microsoft
Microsoft Office LTSC 2021
16.0.1
Google Project Zero
Patched
Aug. 13, 2024
Reported by
???
Root Cause Analysis
???
Signal Intelligence
Confidence
82%
EPSS
43.66%
CVSS v3.1
8.8
Mentions
3
Last Seen
Aug 13, 2024
CNA Information
CNA Assigner
microsoft
CNA Title
Microsoft Project Remote Code Execution Vulnerability
Analyst Note
This CVE is confirmed as a zero-day RCE vulnerability in Microsoft Project with a high CVSS score (8.8) and documented exploitation. While not yet listed in CISA KEV, its inclusion in Google Project Zero and Microsoft's August 2024 Patch Tuesday as one of 9 zero-days with 6 actively exploited variants provides strong evidence of legitimacy.
Triage Info
Decided atMar 03, 2026
Published DateAug 13, 2024