Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-36896
7.8HIGH
Key Information:
- Vendor
- Microsoft
- Status
- Vendor
- CVE Published:
- 8 August 2023
Summary
A remote code execution vulnerability in Microsoft Excel could allow an attacker to execute arbitrary code in the context of the current user. This flaw can be exploited through specially crafted Excel files, leading to potential system compromise. It is crucial for users to apply security updates provided by Microsoft to mitigate the risks associated with this vulnerability.
Affected Version(s)
Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1
Microsoft Excel 2013 Service Pack 1 ARM64-based Systems 15.0.0.0 < 15.0.5579.1001
Microsoft Excel 2016 32-bit Systems 16.0.0.0 < 16.0.5408.1002
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved