Microsoft Office Remote Code Execution Vulnerability
CVE-2023-35371

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019; Microsoft Office 2019 For Mac; Microsoft Office Online Server; Microsoft 365 Apps For Enterprise
Vendor: CVE Published:; 8 August 2023

Summary

A remote code execution vulnerability exists in Microsoft Office when a user opens a specially crafted document. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. This could allow the attacker to install programs, view, change, or delete data, or create new accounts with full user rights.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2019 32-bit Systems 19.0.0

Microsoft Office 2019 for Mac Unknown 16.0.0 < 16.76.23081101

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jun 14, 2023