Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-36896

7.8HIGH

Summary

A remote code execution vulnerability in Microsoft Excel could allow an attacker to execute arbitrary code in the context of the current user. This flaw can be exploited through specially crafted Excel files, leading to potential system compromise. It is crucial for users to apply security updates provided by Microsoft to mitigate the risks associated with this vulnerability.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Excel 2013 Service Pack 1 ARM64-based Systems 15.0.0.0 < 15.0.5579.1001

Microsoft Excel 2016 32-bit Systems 16.0.0.0 < 16.0.5408.1002

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.