#VU78099 Input validation error in Microsoft products - CVE-2023-36884

Cybersecurity Help s.r.o.

Published: 2023-07-11 | Updated: 2023-09-28

Vulnerability identifier: #VU78099

Vulnerability risk: Critical

CVSSv4.0: 8.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2023-36884

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Windows
Operating systems & Components / Operating system
Windows Server
Operating systems & Components / Operating system
Microsoft Office
Client/Desktop applications / Office applications
Microsoft Word
Client/Desktop applications / Office applications

Vendor: Microsoft

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when handling cross-protocol file navigation. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Windows: 10 Gold, 10 Mobile, 10 S, 10 20H2 10.0.19042.572, 10 21H1 10.0.19043.985, 10 21H2 10.0.19044.1288, 10 22H2 10.0.19045.2130, 10 1507 10.0.10240.16405, 10 1511 10.0.10586.3, 10 1607 10.0.14393.10, 10 1703 10.0.15063.138, 10 1706, 10 1709 10.0.16299.19, 10 1803 10.0.17134.48, 10 1809 10.0.17763.1, 10 1903 10.0.18362.116, 10 1909 10.0.18363.476, 10 2004 10.0.19041.264, 10, 11 21H2 10.0.22000.194, 11 22H2 10.0.22621.521, 11

Windows Server: 2008 R2 - 2008, 2012 R2 - 2012, 2016 10.0.14393.10, 2019 10.0.17763.1 - 2019 2004, 2022 10.0.20348.202 - 2022 20H2

Microsoft Office: 2013 Click-to-Run C2R for 32-bit editions - 2013, 2016, 2019

Microsoft Word: 2013 Service Pack 1, 2016, 2019

External links
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36884
https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV230003

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Remote code execution in Microsoft Office and Windows HTML