Arbitrary File Creation Vulnerability in ToWord of ToOffice

CVE-2021-26618 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An improper input validation leading to arbitrary file creation was discovered in ToWord of ToOffice. Remote attackers use this vulnerability to execute arbitrary file included malicious code.

Learn more about our Cis Benchmark Audit For Microsoft Office.