Login Sign Up

CVE-2024-41165

7.1 HIGH

📋 TL;DR

A library injection vulnerability in Microsoft Word 16.83 for macOS allows malicious applications to inject specially crafted libraries, leveraging Word's access privileges to bypass permissions. This affects macOS users running the vulnerable version of Microsoft Word. Attackers could potentially gain unauthorized access to system resources through Word's permissions.

💻 Affected Systems

Products:
  • Microsoft Word
Versions: 16.83
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Microsoft Word 16.83 on macOS. Requires a malicious application to be present on the system to exploit.

📦 What is this software?

Word by Microsoft

View all CVEs affecting Word →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through privilege escalation, allowing attackers to execute arbitrary code with Word's permissions, potentially gaining access to sensitive documents and system resources.

🟠

Likely Case

Local privilege escalation where a malicious application gains Word's permissions to access protected files or system resources it shouldn't have access to.

🟢

If Mitigated

Limited impact with proper application sandboxing and least privilege principles in place, potentially preventing successful exploitation.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious application to be present on the target system and the user to launch Microsoft Word. This is a local attack vector.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update for latest version

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-41165

Restart Required: Yes

Instructions:

1. Open Microsoft Word
2. Go to Help > Check for Updates
3. Install any available updates
4. Restart Microsoft Word

🔧 Temporary Workarounds

Disable automatic library loading

macOS

Configure macOS to restrict library loading from untrusted locations

sudo spctl --master-enable
sudo spctl --enable --label "Developer ID"

Restrict Word execution

macOS

Use macOS privacy controls to restrict Word's permissions

🧯 If You Can't Patch

  • Restrict user permissions to limit Word's access to sensitive resources
  • Implement application allowlisting to prevent unauthorized applications from running

🔍 How to Verify

Check if Vulnerable:

Check Microsoft Word version in About Word dialog (Word > About Word)

Check Version:

defaults read /Applications/Microsoft\ Word.app/Contents/Info.plist CFBundleShortVersionString

Verify Fix Applied:

Verify Word version is updated beyond 16.83 and check Microsoft Security Update status

📡 Detection & Monitoring

Log Indicators:

  • Unexpected library loading by Microsoft Word process
  • Word process accessing privileged resources unexpectedly

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

process_name:"Microsoft Word" AND event_type:"library_load" AND library_path NOT CONTAINS "/Applications/Microsoft Word.app/"

📊 Metadata

CVE ID: CVE-2024-41165
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE: CWE-347
Published: December 18, 2024
Last Updated: August 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-41165, you might also want to check these:

CVE-2022-24884 10.0

This vulnerability in ecdsautils allows attackers to forge ECDSA signatures by providing zero-value ...

Same vulnerability type (CWE-347)
CVE-2023-25574 10.0

CVE-2023-25574 is a critical authentication bypass vulnerability in jupyterhub-ltiauthenticator's LT...

Same vulnerability type (CWE-347)
CVE-2024-45409 10.0

CVE-2024-45409 is a critical authentication bypass vulnerability in the Ruby SAML library where SAML...

Same vulnerability type (CWE-347)