Microsoft Office Visio Information Disclosure Vulnerability
CVE-2023-21741

7.1HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office Ltsc 2021; Microsoft Visio 2013 Service Pack 1; Microsoft 365 Apps For Enterprise; Microsoft Office 2019
Vendor: CVE Published:; 10 January 2023

Summary

A vulnerability has been identified in Microsoft Office Visio that allows for information disclosure. This flaw could permit an unauthorized user to access sensitive data. It's crucial for organizations using affected versions of Microsoft Office Visio to apply security updates to mitigate potential exploits that leverage this vulnerability.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2019 x64-based Systems 19.0.0

Microsoft Office LTSC 2021 x64-based Systems 16.0.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 10, 2023
Vulnerability Reserved
Dec 13, 2022