Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
attackerkbAttackerKBAKB:CC5240D0-9F60-46FF-A6B8-8971D46A2F41
HistoryFeb 14, 2023 - 12:00 a.m.

CVE-2023-21716

2023-02-1400:00:00
attackerkb.com
113

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.454 Medium

EPSS

Percentile

97.4%

JSON

Microsoft Word Remote Code Execution Vulnerability

Recent assessments:

cbeek-r7 at March 06, 2023 8:12am UTC reported:

A vulnerability in Microsoft’s Word wwlib allows attackers to get LCE with the privileges of the victim opens a malicious
RTF document. An attacker would be able to deliver this payload in several ways including as an attachment in spear-phishing attacks.

Affected Versions

This vulnerability affects at least the following versions of Microsoft Office:

  • Microsoft Office 365 (Insider Preview – 2211 Build 15831.20122 CTR)

  • Microsoft Office 2016 (Including Insider Slow – 1704 Build 8067.2032 CTR)

  • Microsoft Office 2013

  • Microsoft Office 2010

  • Microsoft Office 2007

Acknowledgement

This issue was discovered, analyzed, and reported by Joshua J. Drake (@jduck).

PoC code from @jduck:

image

Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5

Related

mskb 12
mscve 1
cvelist 1
prion 1
openvas 3
cve 1
nessus 12
githubexploit 2
cnvd 1
nvd 1
avleonov 2
kaspersky 1
krebs 1
malwarebytes 1
talosblog 1
qualysblog 1
rapid7blog 1
mskb
mskb
Description of the security update for Office Online Server: February 14, 2023 (KB5002309)
2023-02-14 08:00:00
Description of the security update for Word 2016: February 14, 2023 (KB5002323)
2023-02-14 08:00:00
Description of the security update for Office Web Apps Server 2013: February 14, 2023 (KB5002313)
2023-02-14 08:00:00
mscve
mscve
Microsoft Word Remote Code Execution Vulnerability
2023-02-14 08:00:00
cvelist
cvelist
CVE-2023-21716 Microsoft Word Remote Code Execution Vulnerability
2023-02-14 19:33:45
prion
prion
Remote code execution
2023-02-14 20:15:00
openvas
openvas
Microsoft Word 2016 Remote Code Execution Vulnerability (KB5002323)
2023-02-15 00:00:00
Microsoft Office Outlook 2019 RCE Vulnerability (Feb 2023) - Mac OS X
2023-02-15 00:00:00
Microsoft Word 2013 Service Pack 1 Remote Code Execution Vulnerability (KB5002316)
2023-02-15 00:00:00
cve
cve
CVE-2023-21716
2023-02-14 20:15:14
nessus
nessus
Security Updates for Microsoft Office Online Server (February 2023)
2023-02-17 00:00:00
Security Updates for Microsoft Office Products (Feb 2023) (macOS)
2023-02-17 00:00:00
Security Updates for Microsoft Word Products C2R (February 2023)
2023-02-16 00:00:00
githubexploit
githubexploit
Exploit for Integer Overflow or Wraparound in Microsoft
2023-03-24 15:58:25
Exploit for Integer Overflow or Wraparound in Microsoft
2023-03-07 15:03:43
cnvd
cnvd
Microsoft Word Remote Code Execution Vulnerability (CNVD-2023-14998)
2023-02-17 00:00:00
nvd
nvd
CVE-2023-21716
2023-02-14 20:15:14
avleonov
avleonov
Vulristics News: EPSS v3 Support, Integration into Cloud Advisor
2023-04-23 23:11:58
Microsoft Patch Tuesday February 2023: Win Graphics RCE, Edge RCE, Publisher SFB, CLFS EoP, Exchange RCEs, Word RCE, HoloLens1
2023-02-26 16:37:52
kaspersky
kaspersky
KLA20229 Multiple vulnerabilities in Microsoft Office
2023-02-14 00:00:00
krebs
krebs
Microsoft Patch Tuesday, February 2023 Edition
2023-02-14 21:01:41
malwarebytes
malwarebytes
Update now! February's Patch Tuesday tackles three zero-days
2023-02-15 03:00:00
talosblog
talosblog
Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities
2023-02-14 18:09:22
qualysblog
qualysblog
The February 2023 Patch Tuesday Security Update Review
2023-02-15 00:56:48
rapid7blog
rapid7blog
Patch Tuesday - February 2023
2023-02-15 00:41:59

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.454 Medium

EPSS

Percentile

97.4%

JSON
Related for AKB:CC5240D0-9F60-46FF-A6B8-8971D46A2F41
mskb12mscve1cvelist1prion1openvas3cve1nessus12githubexploit2cnvd1nvd1avleonov2kaspersky1krebs1malwarebytes1talosblog1qualysblog1rapid7blog1