Various technologies, including Microsoft Office, cURL, PHP, and Windows executables that indirectly use vulnerable command line tools, such as pip, composer, and git, are all potentially vulnerable.
For example, the CVE-2024-4577 issue in PHP stems from this class of vulnerability. Developers have published suggested mitigations but the flaw remains under evaluation and unresolved.
Patches have however been developed to address CVE-2024-49026 — a Microsoft Excel vulnerability. Everything else remains vulnerable, Orange Tsai told CSO.