7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:M/C:P/I:P/A:P
0.42 Medium
EPSS
Percentile
97.2%
05/09/2023
Critical
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, spoof user interface, bypass security restrictions.
Public exploits exist for this vulnerability.
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office Online Server
Microsoft Teams
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2019 for 64-bit editions
Microsoft Word 2016 (64-bit edition)
Microsoft Office LTSC for Mac 2021
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Word 2013 RT Service Pack 1
Microsoft Excel 2013 RT Service Pack 1
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft SharePoint Server Subscription Edition
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2019 for 32-bit editions
Microsoft Word 2016 (32-bit edition)
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update component usually can be accessed from the Control Panel) and updates from the Update Options section, that are listed in your Office Account (Office Account tab usually can be accessed from the File menu)
Install Office updates
CVE-2023-29344
CVE-2023-24955
CVE-2023-29333
CVE-2023-24881
CVE-2023-24953
CVE-2023-24950
CVE-2023-24954
CVE-2023-29335
ACE
CVE-2023-293447.8Critical
CVE-2023-249557.2High
CVE-2023-293333.3Warning
CVE-2023-248816.5High
CVE-2023-249537.8Critical
CVE-2023-249506.5High
CVE-2023-249546.5High
CVE-2023-293357.5Critical
5002372
5002369
5002397
5002386
5002365
5002389
5002390
5002384
support.microsoft.com/kb/5002365
support.microsoft.com/kb/5002369
support.microsoft.com/kb/5002372
support.microsoft.com/kb/5002384
support.microsoft.com/kb/5002386
support.microsoft.com/kb/5002389
support.microsoft.com/kb/5002390
support.microsoft.com/kb/5002397
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24881
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24950
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24953
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24954
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24955
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29333
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29335
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29344
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24881
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24950
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24953
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24954
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29333
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29335
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29344
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
support.microsoft.com/en-us/office/install-office-updates-2ab296f3-7f03-43a2-8e50-46de917611c5
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Excel/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-SharePoint/
threats.kaspersky.com/en/product/Microsoft-Word/
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:M/C:P/I:P/A:P
0.42 Medium
EPSS
Percentile
97.2%