Visual Studio Tools for Office Runtime Spoofing Vulnerability
CVE-2023-36897

8.1HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc 2021; Microsoft Visual Studio 2017 Version 15.9 (includes 15.0 - 15.8)
Vendor: CVE Published:; 8 August 2023

What is CVE-2023-36897?

The spoofing vulnerability in Visual Studio Tools for Office Runtime allows attackers to manipulate user input, potentially leading to unauthorized actions or exposure of sensitive information. This vulnerability highlights the importance of securing development tools and ensuring that users are aware of the risks associated with untrusted content.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2019 32-bit Systems 19.0.0

Microsoft Office LTSC 2021 x64-based Systems 16.0.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jun 27, 2023