Microsoft Excel Spoofing Vulnerability
CVE-2023-23398

7.1HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Office 2019
Microsoft 365 Apps For Enterprise
Microsoft Office Ltsc 2021
Microsoft Excel 2016
Vendor
CVE Published:
14 March 2023

Summary

A spoofing vulnerability exists in Microsoft Excel that allows attackers to present misleading information. This could lead users to be misinformed about the content and origin of Excel documents. When exploited, this vulnerability may compromise user trust and data integrity, making it essential for organizations and individuals using Excel to stay informed and apply relevant security updates.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Excel 2013 Service Pack 1 ARM64-based Systems 15.0.0.0 < 15.0.5537.1000

Microsoft Excel 2016 32-bit Systems 16.0.0.0 < 16.0.5387.1000

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.