Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-33158

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019 For Mac; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc For Mac 2021; Microsoft Office Ltsc 2021
Vendor: CVE Published:; 11 July 2023

What is CVE-2023-33158?

A vulnerability in Microsoft Excel allows attackers to execute arbitrary code on an affected system. By crafting a malicious Excel file and enticing a user to open it, an attacker can exploit this loophole to execute arbitrary commands with the privileges of the user. Users are urged to update their Excel applications to mitigate the risk posed by this vulnerability. For more detail, visit the Microsoft advisory.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2019 for Mac Unknown 16.0.0 < 16.75.23070901

Microsoft Office for Universal Unknown 16.0.1 < 16.0.14326.21502

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2023
Vulnerability Reserved
May 17, 2023