#VU80726 Information disclosure in Microsoft products - CVE-2023-36766
Published: September 13, 2023
Vulnerability identifier: #VU80726
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-36766
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Microsoft Office LTSC
Microsoft Office
Microsoft 365 Apps for Enterprise
Microsoft Excel
Office Online Server
Microsoft Office LTSC
Microsoft Office
Microsoft 365 Apps for Enterprise
Microsoft Excel
Office Online Server
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Microsoft Excel. A remote attacker can trick a victim to open a specially crafted file and gain unauthorized access to sensitive information on the system.
Remediation
Install updates from vendor's website.