Microsoft Outlook Improper Input Validation Vulnerability
Summary
| CVE | CVE-2024-21413 |
|---|---|
| State | PUBLISHED |
| Assigner | Unknown |
| Source Priority | Enrichment-only fallback |
| Published | 2025-02-06 00:00:00 UTC |
| Updated | 2026-04-02 17:47:12 UTC |
| Description | Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View so that a file opens in editing mode rather than protected mode. |
Risk And Classification
EPSS: 0.929620000 probability, percentile 0.997770000 (date 2026-04-03)
CISA KEV: Listed on 2025-02-06; due 2025-02-27; ransomware use Unknown
CISA Known Exploited Vulnerability
| Vendor | Microsoft |
|---|---|
| Product | Office Outlook |
| Name | Microsoft Outlook Improper Input Validation Vulnerability |
| Required Action | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
| Notes | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413 ; https://nvd.nist.gov/vuln/detail/CVE-2024-21413 |
There are no known software configurations currently associated with this CVE in NVD or the CVE Program record.
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 110458 Microsoft Office Remote Code Execution (RCE) Vulnerability for February 2024