Microsoft Excel Spoofing Vulnerability
CVE-2023-23398

7.1HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc 2021; Microsoft Excel 2016
Vendor: CVE Published:; 14 March 2023

What is CVE-2023-23398?

A spoofing vulnerability exists in Microsoft Excel that allows attackers to present misleading information. This could lead users to be misinformed about the content and origin of Excel documents. When exploited, this vulnerability may compromise user trust and data integrity, making it essential for organizations and individuals using Excel to stay informed and apply relevant security updates.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Excel 2013 Service Pack 1 ARM64-based Systems 15.0.0.0 < 15.0.5537.1000

Microsoft Excel 2016 32-bit Systems 16.0.0.0 < 16.0.5387.1000

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 14, 2023
Vulnerability Reserved
Jan 11, 2023