Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-36739 (GCVE-0-2023-36739)
Vulnerability from cvelistv5 – Published: 2023-09-12 16:58 – Updated: 2025-10-30 18:18
VLAI?
EPSS
Title
3D Viewer Remote Code Execution Vulnerability
Summary
3D Viewer Remote Code Execution Vulnerability
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T14:11:07.732925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T14:11:15.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:54.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3D Viewer Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "3D Viewer",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2306.12012.0",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:3d_viewer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.2306.12012.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-09-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "3D Viewer Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T18:18:17.531Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "3D Viewer Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739"
}
],
"title": "3D Viewer Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36739",
"datePublished": "2023-09-12T16:58:47.595Z",
"dateReserved": "2023-06-26T13:29:45.607Z",
"dateUpdated": "2025-10-30T18:18:17.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:3d_viewer:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.2307.27042.0\", \"matchCriteriaId\": \"56BF1D42-3F03-4F6E-A71E-9CE508F2D812\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"3D Viewer Remote Code Execution Vulnerability\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de Ejecuci\\u00f3n Remota de C\\u00f3digo del Visor 3D\"}]",
"id": "CVE-2023-36739",
"lastModified": "2024-11-21T08:10:29.377",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
"published": "2023-09-12T17:15:09.893",
"references": "[{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-122\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-36739\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2023-09-12T17:15:09.893\",\"lastModified\":\"2024-11-21T08:10:29.377\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"3D Viewer Remote Code Execution Vulnerability\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de Ejecuci\u00f3n Remota de C\u00f3digo del Visor 3D\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:3d_viewer:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.2307.27042.0\",\"matchCriteriaId\":\"56BF1D42-3F03-4F6E-A71E-9CE508F2D812\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739\", \"name\": \"3D Viewer Remote Code Execution Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T16:52:54.230Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-36739\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-28T14:11:07.732925Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-28T14:11:12.653Z\"}}], \"cna\": {\"title\": \"3D Viewer Remote Code Execution Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"3D Viewer\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.0.0\", \"lessThan\": \"7.2306.12012.0\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}], \"datePublic\": \"2023-09-12T07:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739\", \"name\": \"3D Viewer Remote Code Execution Vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"3D Viewer Remote Code Execution Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122: Heap-based Buffer Overflow\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:3d_viewer:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"7.2306.12012.0\", \"versionStartIncluding\": \"7.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2025-10-30T18:18:17.531Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-36739\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-30T18:18:17.531Z\", \"dateReserved\": \"2023-06-26T13:29:45.607Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2023-09-12T16:58:47.595Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2023-AVI-0743
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer un déni de service, un contournement de la fonctionnalité de sécurité, une usurpation d'identité, une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 13 | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | ||
| Microsoft | N/A | Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.7 | ||
| Microsoft | N/A | Microsoft Identity Linux Broker | ||
| Microsoft | N/A | 3D Viewer | ||
| Microsoft | N/A | Dynamics 365 pour Finance and Operations | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.6 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 23 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | ||
| Microsoft | N/A | Visual Studio Code | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.4 | ||
| Microsoft | N/A | Microsoft SharePoint Server Subscription Edition | ||
| Microsoft | N/A | Microsoft Defender Security Intelligence Updates | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.0 | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 12 | ||
| Microsoft | N/A | 3D Builder | ||
| Microsoft | N/A | Microsoft SharePoint Server 2019 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Identity Linux Broker",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "3D Viewer",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Dynamics 365 pour Finance and Operations",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio Code",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender Security Intelligence Updates",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "3D Builder",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36800"
},
{
"name": "CVE-2023-36794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36794"
},
{
"name": "CVE-2023-36777",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36777"
},
{
"name": "CVE-2023-36770",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36770"
},
{
"name": "CVE-2023-36739",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36739"
},
{
"name": "CVE-2023-36792",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36792"
},
{
"name": "CVE-2023-36772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36772"
},
{
"name": "CVE-2023-36758",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36758"
},
{
"name": "CVE-2023-38163",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38163"
},
{
"name": "CVE-2023-36745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36745"
},
{
"name": "CVE-2023-36760",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36760"
},
{
"name": "CVE-2023-36759",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36759"
},
{
"name": "CVE-2023-36757",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36757"
},
{
"name": "CVE-2023-36744",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36744"
},
{
"name": "CVE-2023-39956",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39956"
},
{
"name": "CVE-2023-36771",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36771"
},
{
"name": "CVE-2023-36756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36756"
},
{
"name": "CVE-2023-38164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38164"
},
{
"name": "CVE-2023-36762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36762"
},
{
"name": "CVE-2023-36742",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36742"
},
{
"name": "CVE-2022-41303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41303"
},
{
"name": "CVE-2023-36773",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36773"
},
{
"name": "CVE-2023-36764",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36764"
},
{
"name": "CVE-2023-36740",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36740"
},
{
"name": "CVE-2023-36886",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36886"
},
{
"name": "CVE-2023-36799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36799"
},
{
"name": "CVE-2023-36796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36796"
},
{
"name": "CVE-2023-36736",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36736"
},
{
"name": "CVE-2023-36793",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36793"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36773 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36773"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36762 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36762"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38163 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38163"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36760 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36760"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36764 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36770 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36770"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36757 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36757"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36744 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36744"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36771 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36771"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36796 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36777 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36777"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41303 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41303"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36759 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36799 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36799"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36739 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36793 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36758 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36772 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36772"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-39956 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-39956"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36756 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36756"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36736 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36736"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36794 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36886 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36886"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36792 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36742 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36740 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36740"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38164 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38164"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36800 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36800"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36745 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745"
}
],
"reference": "CERTFR-2023-AVI-0743",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9, une usurpation d\u0027identit\u00e9, une ex\u00e9cution de\ncode arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0743
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer un déni de service, un contournement de la fonctionnalité de sécurité, une usurpation d'identité, une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 13 | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | ||
| Microsoft | N/A | Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.7 | ||
| Microsoft | N/A | Microsoft Identity Linux Broker | ||
| Microsoft | N/A | 3D Viewer | ||
| Microsoft | N/A | Dynamics 365 pour Finance and Operations | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.6 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 23 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | ||
| Microsoft | N/A | Visual Studio Code | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.4 | ||
| Microsoft | N/A | Microsoft SharePoint Server Subscription Edition | ||
| Microsoft | N/A | Microsoft Defender Security Intelligence Updates | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.0 | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 12 | ||
| Microsoft | N/A | 3D Builder | ||
| Microsoft | N/A | Microsoft SharePoint Server 2019 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Identity Linux Broker",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "3D Viewer",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Dynamics 365 pour Finance and Operations",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio Code",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender Security Intelligence Updates",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "3D Builder",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36800"
},
{
"name": "CVE-2023-36794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36794"
},
{
"name": "CVE-2023-36777",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36777"
},
{
"name": "CVE-2023-36770",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36770"
},
{
"name": "CVE-2023-36739",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36739"
},
{
"name": "CVE-2023-36792",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36792"
},
{
"name": "CVE-2023-36772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36772"
},
{
"name": "CVE-2023-36758",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36758"
},
{
"name": "CVE-2023-38163",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38163"
},
{
"name": "CVE-2023-36745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36745"
},
{
"name": "CVE-2023-36760",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36760"
},
{
"name": "CVE-2023-36759",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36759"
},
{
"name": "CVE-2023-36757",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36757"
},
{
"name": "CVE-2023-36744",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36744"
},
{
"name": "CVE-2023-39956",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39956"
},
{
"name": "CVE-2023-36771",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36771"
},
{
"name": "CVE-2023-36756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36756"
},
{
"name": "CVE-2023-38164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38164"
},
{
"name": "CVE-2023-36762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36762"
},
{
"name": "CVE-2023-36742",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36742"
},
{
"name": "CVE-2022-41303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41303"
},
{
"name": "CVE-2023-36773",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36773"
},
{
"name": "CVE-2023-36764",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36764"
},
{
"name": "CVE-2023-36740",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36740"
},
{
"name": "CVE-2023-36886",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36886"
},
{
"name": "CVE-2023-36799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36799"
},
{
"name": "CVE-2023-36796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36796"
},
{
"name": "CVE-2023-36736",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36736"
},
{
"name": "CVE-2023-36793",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36793"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36773 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36773"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36762 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36762"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38163 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38163"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36760 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36760"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36764 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36770 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36770"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36757 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36757"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36744 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36744"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36771 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36771"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36796 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36777 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36777"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41303 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41303"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36759 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36799 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36799"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36739 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36793 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36758 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36772 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36772"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-39956 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-39956"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36756 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36756"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36736 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36736"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36794 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36886 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36886"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36792 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36742 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36740 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36740"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38164 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38164"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36800 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36800"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36745 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745"
}
],
"reference": "CERTFR-2023-AVI-0743",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9, une usurpation d\u0027identit\u00e9, une ex\u00e9cution de\ncode arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
FKIE_CVE-2023-36739
Vulnerability from fkie_nvd - Published: 2023-09-12 17:15 - Updated: 2024-11-21 08:10
Severity ?
Summary
3D Viewer Remote Code Execution Vulnerability
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:3d_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56BF1D42-3F03-4F6E-A71E-9CE508F2D812",
"versionEndExcluding": "7.2307.27042.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "3D Viewer Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de Ejecuci\u00f3n Remota de C\u00f3digo del Visor 3D"
}
],
"id": "CVE-2023-36739",
"lastModified": "2024-11-21T08:10:29.377",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2023-09-12T17:15:09.893",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-36739
Vulnerability from fstec - Published: 12.09.2023
VLAI Severity ?
Title
Уязвимость средства просмотра трехмерной компьютерной графики 3D Viewer, связанная с недостаточной проверкой входных данных, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость средства просмотра трехмерной компьютерной графики 3D Viewer связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код
Severity ?
Vendor
Microsoft Corp
Software Name
3D Viewer
Software Version
до 7.2307.27042.0 (3D Viewer)
Possible Mitigations
Использование рекомендаций производителя:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739
Reference
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739
https://www.cybersecurity-help.cz/vdb/SB2023091259
CWE
CWE-20
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 7.2307.27042.0 (3D Viewer)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "12.09.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.09.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-05727",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-36739",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "3D Viewer",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u0442\u0440\u0435\u0445\u043c\u0435\u0440\u043d\u043e\u0439 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043d\u043e\u0439 \u0433\u0440\u0430\u0444\u0438\u043a\u0438 3D Viewer, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u0442\u0440\u0435\u0445\u043c\u0435\u0440\u043d\u043e\u0439 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043d\u043e\u0439 \u0433\u0440\u0430\u0444\u0438\u043a\u0438 3D Viewer \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739\nhttps://www.cybersecurity-help.cz/vdb/SB2023091259",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}
GSD-2023-36739
Vulnerability from gsd - Updated: 2023-12-13 01:20{
"GSD": {
"alias": "CVE-2023-36739",
"id": "GSD-2023-36739"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-36739"
],
"details": "3D Viewer Remote Code Execution Vulnerability",
"id": "GSD-2023-36739",
"modified": "2023-12-13T01:20:34.680045Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2023-36739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3D Viewer",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.0.0",
"version_value": "7.2306.12012.0"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "3D Viewer Remote Code Execution Vulnerability"
}
]
},
"impact": {
"cvss": [
{
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739",
"refsource": "MISC",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:3d_viewer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.2307.27042.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2023-36739"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "3D Viewer Remote Code Execution Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-09-14T17:57Z",
"publishedDate": "2023-09-12T17:15Z"
}
}
}
GHSA-M2J3-FR23-V3JF
Vulnerability from github – Published: 2023-09-12 18:30 – Updated: 2024-04-04 07:37
VLAI?
Details
3D Viewer Remote Code Execution Vulnerability
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2023-36739"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-12T17:15:09Z",
"severity": "HIGH"
},
"details": "3D Viewer Remote Code Execution Vulnerability",
"id": "GHSA-m2j3-fr23-v3jf",
"modified": "2024-04-04T07:37:26Z",
"published": "2023-09-12T18:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36739"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CNVD-2023-74905
Vulnerability from cnvd - Published: 2023-10-09
VLAI Severity ?
Title
Microsoft 3D Viewer远程代码执行漏洞(CNVD-2023-74905)
Description
Microsoft 3D Viewer是美国微软(Microsoft)公司的一款简化且快速的图形编辑应用程序。
Microsoft 3D Viewer存在远程代码执行漏洞,攻击者可利用该漏洞在目标主机上执行代码。
Severity
高
Patch Name
Microsoft 3D Viewer远程代码执行漏洞(CNVD-2023-74905)的补丁
Patch Description
Microsoft 3D Viewer是美国微软(Microsoft)公司的一款简化且快速的图形编辑应用程序。
Microsoft 3D Viewer存在远程代码执行漏洞,攻击者可利用该漏洞在目标主机上执行代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36739
Reference
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36739
Impacted products
| Name | Microsoft 3D Viewer <7.2307.27042.0 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2023-36739",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-36739"
}
},
"description": "Microsoft 3D Viewer\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7b80\u5316\u4e14\u5feb\u901f\u7684\u56fe\u5f62\u7f16\u8f91\u5e94\u7528\u7a0b\u5e8f\u3002\n\nMicrosoft 3D Viewer\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u76ee\u6807\u4e3b\u673a\u4e0a\u6267\u884c\u4ee3\u7801\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36739",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-74905",
"openTime": "2023-10-09",
"patchDescription": "Microsoft 3D Viewer\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7b80\u5316\u4e14\u5feb\u901f\u7684\u56fe\u5f62\u7f16\u8f91\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nMicrosoft 3D Viewer\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u76ee\u6807\u4e3b\u673a\u4e0a\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Microsoft 3D Viewer\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2023-74905\uff09\u7684\u8865\u4e01",
"products": {
"product": "Microsoft 3D Viewer \u003c7.2307.27042.0"
},
"referenceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36739",
"serverity": "\u9ad8",
"submitTime": "2023-09-15",
"title": "Microsoft 3D Viewer\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2023-74905\uff09"
}
MSRC_CVE-2023-36739
Vulnerability from csaf_microsoft - Published: 2023-09-12 07:00 - Updated: 2023-09-12 07:00Summary
3D Viewer Remote Code Execution Vulnerability
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action
Required. The vulnerability documented by this CVE requires customer action to resolve.
{
"document": {
"acknowledgments": [
{
"names": [
"HAO LI of VenusTech ADLab"
]
}
],
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2023-36739 3D Viewer Remote Code Execution Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739"
},
{
"category": "self",
"summary": "CVE-2023-36739 3D Viewer Remote Code Execution Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/2023/msrc_cve-2023-36739.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "3D Viewer Remote Code Execution Vulnerability",
"tracking": {
"current_release_date": "2023-09-12T07:00:00.000Z",
"generator": {
"date": "2025-01-01T02:04:05.647Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2023-36739",
"initial_release_date": "2023-09-12T07:00:00.000Z",
"revision_history": [
{
"date": "2023-09-12T07:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.2306.12012.0",
"product": {
"name": "3D Viewer \u003c7.2306.12012.0",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "7.2306.12012.0",
"product": {
"name": "3D Viewer 7.2306.12012.0",
"product_id": "11760"
}
}
],
"category": "product_name",
"name": "3D Viewer"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-36739",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.",
"title": "According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?"
},
{
"category": "faq",
"text": "An attacker must send the user a malicious file and convince them to open it.",
"title": "According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?"
},
{
"category": "faq",
"text": "An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim\u0027s information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.",
"title": "According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?"
},
{
"category": "faq",
"text": "The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details.\nIt is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.\nCustomers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.\nApp package versions 7.2307.27042.0 and later contain this update.\nYou can check the package version in PowerShell:\nGet-AppxPackage -Name Microsoft.Microsoft3DViewer",
"title": "How do I get the updated app?"
},
{
"category": "faq",
"text": "This vulnerability affects FBX component used within the 3D Viewer product.",
"title": "What component is affected by this vulnerability?"
}
],
"product_status": {
"fixed": [
"11760"
],
"known_affected": [
"1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-36739 3D Viewer Remote Code Execution Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739"
},
{
"category": "self",
"summary": "CVE-2023-36739 3D Viewer Remote Code Execution Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-12T07:00:00.000Z",
"details": "7.2306.12012.0:Security Update:https://www.microsoft.com/en-us/p/3d-viewer/9nblggh42ths?activetab=pivot:overviewtab",
"product_ids": [
"1"
],
"url": "https://www.microsoft.com/en-us/p/3d-viewer/9nblggh42ths?activetab=pivot:overviewtab"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Remote Code Execution"
},
{
"category": "exploit_status",
"details": "Exploited:No;Latest Software Release:Exploitation Unlikely"
}
],
"title": "3D Viewer Remote Code Execution Vulnerability"
}
]
}
WID-SEC-W-2023-2325
Vulnerability from csaf_certbund - Published: 2023-09-12 22:00 - Updated: 2023-09-12 22:00Summary
Microsoft 3D Builder und Viewer: Mehrere Schwachstellen ermöglichen Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Microsoft 3D Builder ist eine Software zur Erstellung von 3D Modellen, z.B. für den 3D Druck.
Microsoft 3D Viewer ist eine Betrachtungssoftware für 3D Modelle und Animationen.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Microsoft 3D Builder und Microsoft 3D Viewer ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Microsoft 3D Builder ist eine Software zur Erstellung von 3D Modellen, z.B. f\u00fcr den 3D Druck.\r\nMicrosoft 3D Viewer ist eine Betrachtungssoftware f\u00fcr 3D Modelle und Animationen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Microsoft 3D Builder und Microsoft 3D Viewer ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2325 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2325.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2325 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2325"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2023-09-12",
"url": "https://msrc.microsoft.com/update-guide"
}
],
"source_lang": "en-US",
"title": "Microsoft 3D Builder und Viewer: Mehrere Schwachstellen erm\u00f6glichen Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2023-09-12T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:58:19.576+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2325",
"initial_release_date": "2023-09-12T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-09-12T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Microsoft 3D Builder \u003c 20.0.4.0",
"product": {
"name": "Microsoft 3D Builder \u003c 20.0.4.0",
"product_id": "T029798",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:3d_builder:20.0.4.0"
}
}
},
{
"category": "product_name",
"name": "Microsoft 3D Viewer \u003c 7.2306.12012.0",
"product": {
"name": "Microsoft 3D Viewer \u003c 7.2306.12012.0",
"product_id": "T029799",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:3d_viewer:7.2306.12012.0"
}
}
}
],
"category": "vendor",
"name": "Microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-36773",
"notes": [
{
"category": "description",
"text": "In Microsoft 3D Builder und Microsoft 3D Viewer existieren mehrere nicht genauer beschriebene Schwachstellen. Ein Angreifer kann mit einer speziell gestalteten Datei beliebigen Code ausf\u00fchren. Zur erfolgreichen Ausnutzung muss der Angreifer den Benutzer dazu bringen, diese Datei zu \u00f6ffnen."
}
],
"release_date": "2023-09-12T22:00:00.000+00:00",
"title": "CVE-2023-36773"
},
{
"cve": "CVE-2023-36772",
"notes": [
{
"category": "description",
"text": "In Microsoft 3D Builder und Microsoft 3D Viewer existieren mehrere nicht genauer beschriebene Schwachstellen. Ein Angreifer kann mit einer speziell gestalteten Datei beliebigen Code ausf\u00fchren. Zur erfolgreichen Ausnutzung muss der Angreifer den Benutzer dazu bringen, diese Datei zu \u00f6ffnen."
}
],
"release_date": "2023-09-12T22:00:00.000+00:00",
"title": "CVE-2023-36772"
},
{
"cve": "CVE-2023-36771",
"notes": [
{
"category": "description",
"text": "In Microsoft 3D Builder und Microsoft 3D Viewer existieren mehrere nicht genauer beschriebene Schwachstellen. Ein Angreifer kann mit einer speziell gestalteten Datei beliebigen Code ausf\u00fchren. Zur erfolgreichen Ausnutzung muss der Angreifer den Benutzer dazu bringen, diese Datei zu \u00f6ffnen."
}
],
"release_date": "2023-09-12T22:00:00.000+00:00",
"title": "CVE-2023-36771"
},
{
"cve": "CVE-2023-36770",
"notes": [
{
"category": "description",
"text": "In Microsoft 3D Builder und Microsoft 3D Viewer existieren mehrere nicht genauer beschriebene Schwachstellen. Ein Angreifer kann mit einer speziell gestalteten Datei beliebigen Code ausf\u00fchren. Zur erfolgreichen Ausnutzung muss der Angreifer den Benutzer dazu bringen, diese Datei zu \u00f6ffnen."
}
],
"release_date": "2023-09-12T22:00:00.000+00:00",
"title": "CVE-2023-36770"
},
{
"cve": "CVE-2023-36760",
"notes": [
{
"category": "description",
"text": "In Microsoft 3D Builder und Microsoft 3D Viewer existieren mehrere nicht genauer beschriebene Schwachstellen. Ein Angreifer kann mit einer speziell gestalteten Datei beliebigen Code ausf\u00fchren. Zur erfolgreichen Ausnutzung muss der Angreifer den Benutzer dazu bringen, diese Datei zu \u00f6ffnen."
}
],
"release_date": "2023-09-12T22:00:00.000+00:00",
"title": "CVE-2023-36760"
},
{
"cve": "CVE-2023-36740",
"notes": [
{
"category": "description",
"text": "In Microsoft 3D Builder und Microsoft 3D Viewer existieren mehrere nicht genauer beschriebene Schwachstellen. Ein Angreifer kann mit einer speziell gestalteten Datei beliebigen Code ausf\u00fchren. Zur erfolgreichen Ausnutzung muss der Angreifer den Benutzer dazu bringen, diese Datei zu \u00f6ffnen."
}
],
"release_date": "2023-09-12T22:00:00.000+00:00",
"title": "CVE-2023-36740"
},
{
"cve": "CVE-2023-36739",
"notes": [
{
"category": "description",
"text": "In Microsoft 3D Builder und Microsoft 3D Viewer existieren mehrere nicht genauer beschriebene Schwachstellen. Ein Angreifer kann mit einer speziell gestalteten Datei beliebigen Code ausf\u00fchren. Zur erfolgreichen Ausnutzung muss der Angreifer den Benutzer dazu bringen, diese Datei zu \u00f6ffnen."
}
],
"release_date": "2023-09-12T22:00:00.000+00:00",
"title": "CVE-2023-36739"
},
{
"cve": "CVE-2022-41303",
"notes": [
{
"category": "description",
"text": "In Microsoft 3D Builder und Microsoft 3D Viewer existieren mehrere nicht genauer beschriebene Schwachstellen. Ein Angreifer kann mit einer speziell gestalteten Datei beliebigen Code ausf\u00fchren. Zur erfolgreichen Ausnutzung muss der Angreifer den Benutzer dazu bringen, diese Datei zu \u00f6ffnen."
}
],
"release_date": "2023-09-12T22:00:00.000+00:00",
"title": "CVE-2022-41303"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…