Microsoft Outlook Remote Code Execution Vulnerability
CVE-2023-33131

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc 2021; Microsoft Outlook 2016
Vendor: CVE Published:; 14 June 2023

Summary

Microsoft Outlook is susceptible to a remote code execution vulnerability that could allow attackers to execute arbitrary code on the affected system. This vulnerability occurs when the application improperly handles objects in memory. An attacker who successfully exploits this vulnerability could gain the same user rights as the user running the affected application, potentially allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2019 32-bit Systems 19.0.0

Microsoft Office LTSC 2021 x64-based Systems 16.0.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2023
Vulnerability Reserved
May 17, 2023