Microsoft Office Remote Code Execution Vulnerability
CVE-2023-28285

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019 For Mac; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc For Mac 2021
Vendor: CVE Published:; 11 April 2023

What is CVE-2023-28285?

A remote code execution vulnerability exists in Microsoft Office, allowing attackers to execute arbitrary code on the user's machine by delivering a specially crafted file. Exploitation of this vulnerability may enable an attacker to access sensitive information or take control of the affected system. It is crucial for users to apply updates and patches provided by Microsoft to mitigate the risks associated with this vulnerability.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2019 for Mac Unknown 16.0.0 < 16.72.23040900

Microsoft Office LTSC for Mac 2021 Unknown 16.0.1 < 16.72.23040900

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Mar 13, 2023

CVE-2023-28285 Data

JSON