Microsoft Word Security Feature Bypass Vulnerability
CVE-2023-29335

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc 2021; Microsoft Word 2016
Vendor: CVE Published:; 9 May 2023

Summary

A security feature bypass vulnerability exists in Microsoft Word, allowing attackers to circumvent certain security mechanisms. This flaw can be exploited to execute unauthorized actions within Word documents. Affected users should apply the available security updates to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2019 32-bit Systems 19.0.0

Microsoft Office LTSC 2021 x64-based Systems 16.0.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2023
Vulnerability Reserved
Apr 4, 2023