Main Vulnerability Database Vulnerabilities #VU72168

Security features bypass in Microsoft Office and Microsoft Publisher - CVE-2023-21715

Published: February 14, 2023

Vulnerability identifier: #VU72168

CSH Severity: Critical

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: CVE-2023-21715

CWE-ID: CWE-254

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vendor: Microsoft

Affected software:
Microsoft Office
Microsoft Publisher

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to unspecified error when processing files. A remote attacker can trick the victim to open a specially crafted file, bypass Office macro policies used to block untrusted or malicious files and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

How to mitigate CVE-2023-21715

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21715

Security features bypass in Microsoft Office and Microsoft Publisher - CVE-2023-21715

Detailed vulnerability description

How to mitigate CVE-2023-21715

Sources

Please verify you're human