CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-38189

Medium Severity
Microsoft
SVRS
36/100
CVSSv3
8.8/10
EPSS
0.38016/1

CVE-2024-38189 is a Microsoft Project Remote Code Execution Vulnerability that allows attackers to execute arbitrary code. This vulnerability, while having a CVSS score of 8.8, has a SOCRadar Vulnerability Risk Score (SVRS) of 36, indicating a moderate risk level. However, the "In The Wild" and "Exploit Available" tags, along with its inclusion in the CISA KEV catalog, suggest active exploitation and heightened risk. Successful exploitation could lead to complete system compromise. Given the availability of active exploits, organizations should apply the vendor-advisory patches. Immediate action is needed despite the moderate SVRS. Organizations must prioritize patching Microsoft Project installations to mitigate potential threats.

TAGS
In The Wild
Exploit Avaliable
CISA KEV
Vendor-advisory
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:R
S:U
C:H
I:H
A:H
E:F
RL:O
RC:C
PUBLICATION DATE2025-04-15
LAST MODIFIED2024-08-13
Eye Icon
SOCRadar
AI Insight

Description:

CVE-2024-38189 is a remote code execution vulnerability in Microsoft Project. The vulnerability allows an attacker to execute arbitrary code on a target system by sending a specially crafted file to the target system. The vulnerability has a CVSS score of 8.8, indicating a high severity level. However, SOCRadar's SVRS assigns a score of 36, indicating a moderate risk level. This discrepancy is due to the fact that the SVRS takes into account additional factors, such as social media chatter, news reports, and dark web data, which may not be reflected in the CVSS score.

Key Insights:

  • The vulnerability is actively exploited in the wild, meaning that attackers are actively using it to target systems.
  • The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the vulnerability, calling for immediate and necessary measures to mitigate the risk.
  • The vulnerability is relatively easy to exploit, as it only requires an attacker to send a specially crafted file to the target system.
  • The vulnerability affects all versions of Microsoft Project, making it a widespread threat.

Mitigation Strategies:

  • Apply the latest security updates from Microsoft as soon as possible.
  • Disable macros in Microsoft Project files from untrusted sources.
  • Use a firewall to block unauthorized access to the target system.
  • Implement intrusion detection and prevention systems to detect and block attacks.

Additional Information:

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

TitleSoftware LinkDate
Microsoft Project Remote Code Execution Vulnerabilityhttps://www.cisa.gov/search?g=CVE-2024-381892024-08-13
Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

Microsoft Patchday August 2024 - mehrere aktiv ausgenutzte Schwachstellen
CERT.at2025-04-01
Microsoft Patchday August 2024 - mehrere aktiv ausgenutzte Schwachstellen | Mit den im Rahmen des monatlichen Patchdays ausgelieferten Updates behebt Microsoft im August insgesamt 92 Schwachstellen. Au&szlig;ergew&ouml;hnlich ist in diesem Monat die Anzahl an Sicherheitsl&uuml;cken welche bereits aktiv durch Bedrohungsakteure ausgenutzt werden. Bei den missbrauchten L&uuml;cken handelt es sich um CVE-2024-38189, CVE-2024-38178, <
cert.at
rss
forum
news
CVE-2024-38189 | Microsoft Office Project input validation
vuldb.com2025-03-15
CVE-2024-38189 | Microsoft Office Project input validation | A vulnerability was found in Microsoft Office. It has been classified as critical. Affected is an unknown function of the component Project. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2024-38189. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply
rss
vuldb.com
forum
news
Microsoft Fixes Six Actively Exploited Bugs | Decipher - Decipher
2024-08-14
Microsoft Fixes Six Actively Exploited Bugs | Decipher - Decipher | News Content: Microsoft has released patches for six flaws that are being actively exploited as part of its regularly scheduled patch Tuesday releases. The flaws exist in Microsoft’s Project management software and various Windows products, from Windows Scripting Engine to the Windows Power Dependency Coordinator component responsible for managing system power usage. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which added the flaws to its Known Exploited Vulnerability catalog and gave federal government agencies a three week deadline for applying the patches, it is “unknown” whether the flaws
google.com
rss
forum
news
The August 2024 Security Update Review
Dustin Childs2024-11-01
The August 2024 Security Update Review | I have successfully survived Summer Hacker Camp, and I hope you have too. And we return just in time for Patch Tuesday and a new crop of 0-days as Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches
zerodayinitiative.com
rss
forum
news
Microsoft Patched 6 Actively Exploited Zero-Day Flaws - TechRepublic
2024-08-14
Microsoft Patched 6 Actively Exploited Zero-Day Flaws - TechRepublic | News Content: Patch Tuesday, Microsoft’s monthly report of security updates, brought 90 CVEs, including some vulnerabilities that were being actively exploited. Some vulnerabilities originated in Chromium, meaning both Microsoft Edge and Google Chrome may have been affected. Here are the most critical flaws and patches disclosed by Microsoft on Aug. 13. Six zero-day flaws had been exploited Threat actors had already taken advantage of six zero-day exploits in particular: CVE-2024-38106: an elevation of privilege vulnerability in the Windows kernel. CVE-2024-38107: an elevation of privilege
google.com
rss
forum
news
Microsoft Warns of Six Windows Zero-Days Being Actively Exploited - SecurityWeek
2024-08-13
Microsoft Warns of Six Windows Zero-Days Being Actively Exploited - SecurityWeek | News Content: Microsoft’s security response team pushed out documentation for almost 90 vulnerabilities across Windows and OS components and marked several flaws in the actively exploited category. Flipboard Reddit Whatsapp Whatsapp Email Microsoft warned Tuesday of six actively exploited Windows security defects, highlighting ongoing struggles with zero-day attacks across its flagship operating system. Redmond’s security response team pushed out documentation for almost 90 vulnerabilities across Windows and OS components and raised eyebrows when it marked a half-dozen flaws in the actively exploited category. Here’s
google.com
rss
forum
news
Microsoft patches six actively exploited vulnerabilities - CSO Online
2024-08-13
Microsoft patches six actively exploited vulnerabilities - CSO Online | News Content: Microsoft’s August Patch Tuesday covered 10 zero-day flaws, of which six are being exploited in the wild and four are publicly disclosed. Credit: Clint Patterson / Unsplash Microsoft fixed 88 vulnerabilities on Tuesday as part of its monthly patching cycle. Six of those flaws were already being actively exploited in the wild before a patch was available and another four were publicly disclosed, putting the total number of zero-day vulnerabilities covered in this release at 10. Of the 88 vulnerabilities patched only seven are rated critical, 79 are
google.com
rss
forum
news

Social Media

The following CVEs have been added to our n-day feed: - CVE-2024-38189: Microsoft Project Improper Input Validation RCE - CVE-2024-43454 Microsoft Windows Remote Desktop Licensing Service Relative Path Traversal Arbitrary File Deletion https://t.co/Nw6eZdt4CA
0
0
5
Microsoft - CVE-2024-38189 https://t.co/gLznstYceF
0
0
0
Attention #Windows users #Microsoft’s latest #Patch Tuesday addressed over 80 vulnerabilities, including 10 #zero-day flaws. Six of these are #actively exploited and have been added to #CISA's Known Exploited Vulnerabilities Catalog. 1️⃣ CVE-2024-38189: Microsoft Project RCE
0
0
0
Remote Code Execution - Microsoft Project (CVE-2024-38189). There are quite a few conditions required for a successful attack, but Microsoft has reported cases of exploitation of the vulnerability in the wild. #Microsoft #MSProject #VBA ➡️ https://t.co/jHC93qDsmB https://t.co/7YMyJqXcik
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
AppMicrosoftproject_2016
AppMicrosoft365_apps
AppMicrosoftoffice
AppMicrosoftoffice_long_term_servicing_channel

References

ReferenceLink
[email protected]https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38189
MICROSOFT PROJECT REMOTE CODE EXECUTION VULNERABILITYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38189
MICROSOFT PROJECT REMOTE CODE EXECUTION VULNERABILITYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38189

CWE Details

CWE IDCWE NameDescription
CWE-20Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence