Remote Code Execution Vulnerability Affects Microsoft Word
CVE-2023-21716

9.8CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft Office Ltsc For Mac 2021; Microsoft Office Ltsc 2021; Microsoft Sharepoint Server Subscription Edition; Microsoft 365 Apps For Enterprise
Vendor: CVE Published:; 14 February 2023

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 38%📰 News Worthy

Summary

Microsoft Word Remote Code Execution Vulnerability

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2019 for Mac Unknown 16.0.0 < 16.70.23021201

Microsoft Office 2019 x64-based Systems 19.0.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-21716
Created by gyaansastra

CVE-2023-21716
Created by Xnuvers007

CVE-2023-21716_exploit
Created by hv0l

News Articles

Help Net Security

CVE-2023-21716 CVE-2023-35082

PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716) - Help Net Security

A PoC for CVE-2023-21716, a RCE vulnerability in Microsoft Word that can be exploited via a malicious RTF document, is publicly available.

2 years ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

EPSS Score

38% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Nov 4, 2023
👾
Exploit known to exist
Nov 4, 2023
📰
First article discovered by Help Net Security
Mar 6, 2023
Vulnerability published
Feb 14, 2023
Vulnerability Reserved
Dec 13, 2022

Collectors

NVD DatabaseMitre Database8 Proof of Concept(s)1 News Article(s)