Microsoft Office Graphics Elevation of Privilege Vulnerability
CVE-2023-36565

7HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019 For Mac; Microsoft Office Ltsc For Mac 2021; Microsoft Office For Android; Microsoft Office For Universal
Vendor: CVE Published:; 10 October 2023

Summary

A vulnerability exists in Microsoft Office that could allow an attacker to elevate privileges within the application through crafted graphics files. This could enable unauthorized access to sensitive data or system controls, potentially compromising the integrity and confidentiality of user information. It is essential for users and organizations to stay informed about this vulnerability and apply recommended updates to mitigate associated risks.

Affected Version(s)

Microsoft Office 2019 for Mac Unknown 16.0.0 < 16.78.23100802

Microsoft Office for Android Unknown 16.0.1 < 16.0.16827.20138

Microsoft Office for Universal Unknown 16.0.1 < 16.0.14326.21606

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2023
Vulnerability Reserved
Jun 23, 2023