Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-36896

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019; Microsoft Office 2019 For Mac; Microsoft Office Online Server; Microsoft 365 Apps For Enterprise
Vendor: CVE Published:; 8 August 2023

Summary

A remote code execution vulnerability in Microsoft Excel could allow an attacker to execute arbitrary code in the context of the current user. This flaw can be exploited through specially crafted Excel files, leading to potential system compromise. It is crucial for users to apply security updates provided by Microsoft to mitigate the risks associated with this vulnerability.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Excel 2013 Service Pack 1 ARM64-based Systems 15.0.0.0 < 15.0.5579.1001

Microsoft Excel 2016 32-bit Systems 16.0.0.0 < 16.0.5408.1002

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jun 27, 2023