CVE-2024-38171: 
vulnerability analysis and mitigation

Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2024-38171) is a security flaw discovered in Microsoft PowerPoint and related Office products. The vulnerability was reported on June 6, 2024, and publicly disclosed on August 13, 2024. The affected products include Microsoft 365 Apps, Office 2019, Office LTSC 2021, and PowerPoint 2016 (NVD).

The vulnerability is classified as a Use-After-Free (UAF) issue that occurs within the parsing of PPTX files. The specific flaw exists due to the lack of validating the existence of an object prior to performing operations on it. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI).

If successfully exploited, this vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerPoint. The attacker can leverage this vulnerability to execute code in the context of the current process, potentially gaining the same rights as the logged-in user (ZDI).

Microsoft has released security updates to address this vulnerability. Users can obtain the update through Microsoft Update, Microsoft Update Catalog, or Microsoft Download Center. For PowerPoint 2016, security update KB5002586 has been released and replaces the previously released security update KB5002495 (Microsoft Support).