CVE-2021-42292

HIGH KEV

Microsoft Excel - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2021-42292 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 17, 2021. EIP tracks 1 public exploit from researchers including corelight.

AI-analyzed exploit summary This repository provides detection logic for CVE-2021-42292, a Microsoft Excel local privilege escalation vulnerability. It includes Zeek scripts and Suricata rules to detect exploitation attempts by monitoring Excel downloading secondary spreadsheets with elevated privileges.

Description

Microsoft Excel Security Feature Bypass Vulnerability

Exploits (1)

nomisec WRITEUP 18 stars

by corelight · poc

https://github.com/corelight/CVE-2021-42292

View Code ZIP pw:eip

This repository provides detection logic for CVE-2021-42292, a Microsoft Excel local privilege escalation vulnerability. It includes Zeek scripts and Suricata rules to detect exploitation attempts by monitoring Excel downloading secondary spreadsheets with elevated privileges.

Classification

Writeup 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Excel (various versions)

No auth needed

Prerequisites: Network traffic capture (PCAP) · Zeek or Suricata deployment

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42292

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42292

Scores

CVSS v3 7.8

EPSS 0.3195

EPSS Percentile 98.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2021-11-17

VulnCheck KEV 2021-11-09

InTheWild.io 2021-11-09

ENISA EUVD EUVD-2021-29267

Status published

Products (6)

microsoft/365_apps

microsoft/excel 2013 sp1 (2 CPE variants)

microsoft/office 2013 sp1 (2 CPE variants)

microsoft/office 2016

microsoft/office 2019 (2 CPE variants)

microsoft/office_long_term_servicing_channel 2021 (2 CPE variants)

Published Nov 10, 2021

KEV Added Nov 17, 2021

Tracked Since Feb 18, 2026