Lucene search
MicrosoftCVELIST:CVE-2023-23397HistoryMar 14, 2023 - 4:55 p.m.
CVE-2023-23397 Microsoft Outlook Elevation of Privilege Vulnerability
2023-03-1416:55:28
CWE-20
microsoft
www.cve.org
2
cve-2023-23397
microsoft
outlook
elevation
privilege
vulnerability
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9.6 High
AI Score
Confidence
High
0.922 High
EPSS
Percentile
99.0%
CNA Affected
[
{
"vendor": "Microsoft",
"product": "Microsoft Office LTSC 2021",
"cpes": [
"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "16.0.1",
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Outlook 2016",
"cpes": [
"cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:x86:*:*",
"cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:x64:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "16.0.0.0",
"lessThan": "16.0.5387.1000",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft 365 Apps for Enterprise",
"cpes": [
"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"
],
"platforms": [
"x64-based Systems",
"32-bit Systems"
],
"versions": [
{
"version": "16.0.1",
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Office 2019",
"cpes": [
"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"32-bit Systems"
],
"versions": [
{
"version": "19.0.0",
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Outlook 2013 Service Pack 1",
"cpes": [
"cpe:2.3:a:microsoft:outlook:2013:*:*:*:*:*:x64:*",
"cpe:2.3:a:microsoft:outlook:2013:*:*:*:rt:*:*:*",
"cpe:2.3:a:microsoft:outlook:2013:*:*:*:*:x86:*:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems",
"32-bit Systems"
],
"versions": [
{
"version": "15.0.0.0",
"lessThan": "15.0.5537.1000",
"versionType": "custom",
"status": "affected"
}
]
}
]Related
githubexploit
githubexploit
Exploit for Authentication Bypass by Capture-replay in Microsoft
2023-03-28 04:35:16
Exploit for Authentication Bypass by Capture-replay in Microsoft
2023-03-16 19:43:39
Exploit for Authentication Bypass by Capture-replay in Microsoft
2023-03-23 13:40:18
cisa_kev
cisa_kev
Microsoft Office Outlook Privilege Escalation Vulnerability
2023-03-14 00:00:00
trendmicroblog
trendmicroblog
Patch CVE-2023-23397 Immediately: What You Need To Know and Do
2023-03-21 00:00:00
nessus
nessus
Security Updates for Outlook (March 2023)
2023-03-14 00:00:00
Security Updates for Outlook C2R Elevation of Privilege (March 2023)
2023-03-16 00:00:00
cve
cve
CVE-2023-23397
2023-03-14 17:15:13
mscve
mscve
Microsoft Outlook Elevation of Privilege Vulnerability
2023-03-14 07:00:00
Microsoft Exchange Server Elevation of Privilege Vulnerability
2024-02-13 08:00:00
Windows MSHTML Platform Security Feature Bypass Vulnerability
2023-05-09 07:00:00
talosblog
talosblog
thn
thn
mmpc
mmpc
Guidance for investigating attacks using CVE-2023-23397
2023-03-24 18:30:00
mssecure
mssecure
Guidance for investigating attacks using CVE-2023-23397
2023-03-24 18:30:00
attackerkb
attackerkb
CVE-2023-23397
2023-03-14 00:00:00
mskb
mskb
openvas
openvas
prion
prion
Privilege escalation
2023-03-14 17:15:00
nvd
nvd
CVE-2023-23397
2023-03-14 17:15:13
msrc
msrc
Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
2023-03-14 13:00:00
Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
2023-03-14 13:00:00
krebs
krebs
Microsoft Patch Tuesday, March 2023 Edition
2023-03-15 15:19:32
Microsoft Patch Tuesday, December 2023 Edition
2023-12-12 22:21:00
Fat Patch Tuesday, February 2024 Edition
2024-02-13 22:28:48
securelist
securelist
Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability
2023-07-19 12:00:41
IT threat evolution Q3 2023
2023-12-01 10:00:09
IT threat evolution in Q1 2023. Non-mobile statistics
2023-06-07 08:00:18
trellix
trellix
CVE-2023-23397: The Notification Sound You Donβt Want to Hear
2023-03-17 00:00:00
CVE-2023-23397: The Notification Sound You Donβt Want to Hear
2023-03-17 00:00:00
The Bug Report - March 2023 Edition
2023-04-05 00:00:00
malwarebytes
malwarebytes
How Outlook notification sounds can lead to zero-click exploits
2023-12-21 21:28:01
Update now! Microsoft fixes two zero-day bugs
2023-03-15 01:00:00
qualysblog
qualysblog
Qualys Survey of Top 10 Exploited Vulnerabilities in 2023
2023-09-26 13:04:00
2023 Threat Landscape Year in Review: If Everything Is Critical, Nothing Is
2023-12-19 15:00:00
The MarchΒ 2023 Patch Tuesday Security Update Review
2023-03-15 00:08:07
kaspersky
kaspersky
KLA48560 Multiple vulnerabilities in Microsoft Office
2023-03-14 00:00:00
avleonov
avleonov
rapid7blog
rapid7blog
Patch Tuesday - September 2023
2023-09-12 22:55:55
Patch Tuesday - March 2023
2023-03-14 23:46:44
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9.6 High
AI Score
Confidence
High
0.922 High
EPSS
Percentile
99.0%
Related for CVELIST:CVE-2023-23397