Microsoft Publisher Remote Code Execution Vulnerability
CVE-2023-28287

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Publisher 2016; Microsoft Publisher 2013 Service Pack 1; Microsoft Office Ltsc 2021; Microsoft 365 Apps For Enterprise
Vendor: CVE Published:; 17 June 2023

Summary

A remote code execution vulnerability has been identified in Microsoft Publisher, which could allow an attacker to execute arbitrary code on an affected system. This vulnerability can be exploited by processing a specially crafted file, leading to potential unauthorized access to system resources or sensitive information. It is crucial for users to remain vigilant and apply the necessary updates to mitigate the associated risks.

Affected Version(s)

Microsoft 365 Apps for Enterprise x64-based Systems 16.0.1

Microsoft Office 2019 x64-based Systems 19.0.0

Microsoft Office LTSC 2021 x64-based Systems 16.0.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 17, 2023
Vulnerability Reserved
Mar 13, 2023