CVE-2021-3865815.09.2021, 12:15Microsoft Office Graphics Remote Code Execution VulnerabilityType ConfusionEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST7.8 HIGHLOCALLOWNONECVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HmicrosoftCNA7.8 HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CCVEADP------Awaiting analysisThis vulnerability is currently awaiting analysis.Base ScoreCVSS 3.xEPSS ScorePercentile: 90%Common Weakness EnumerationCWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.Referenceshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38658https://www.zerodayinitiative.com/advisories/ZDI-21-1083/https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38658https://www.zerodayinitiative.com/advisories/ZDI-21-1083/