#VU70969 Input validation error

Published: 2023-01-10

Vulnerability identifier: #VU70969

Vulnerability risk: High


CVE-ID: CVE-2023-21734


Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Office for Mac
Client/Desktop applications / Office applications
Microsoft Office
Client/Desktop applications / Office applications
Microsoft 365 Apps for Enterprise
Client/Desktop applications / Other client software

Vendor: Microsoft


The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft Office. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.

Install updates from vendor's website.

Vulnerable software versions

Office for Mac: 2019

Microsoft Office: 2019 for Mac

Microsoft 365 Apps for Enterprise: 32-bit Systems - 64-bit Systems


External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability