Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-36041

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc For Mac 2021; Microsoft Office Ltsc 2021
Vendor: CVE Published:; 14 November 2023

Summary

A vulnerability in Microsoft Excel allows for remote code execution when a user opens a malicious file. This flaw puts user systems at risk, making it essential for organizations to ensure that they have adequate safeguards and updates in place. Attackers might exploit this vulnerability by convincing users to open specially crafted Excel documents, leading to unauthorized access and control over the affected systems, compromise of sensitive data, and manipulation of system functionalities. Regular updates and user vigilance are crucial to mitigate the risks associated with this vulnerability.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Excel 2016 32-bit Systems 16.0.0.0 < 16.0.5422.1000

Microsoft Office 2019 32-bit Systems 19.0.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Jun 20, 2023