Vulnerability-Lookup

CVE-2023-36897 (GCVE-0-2023-36897)

Vulnerability from cvelistv5 – Published: 2023-08-08 17:08 – Updated: 2025-01-01 01:59

Title

Visual Studio Tools for Office Runtime Spoofing Vulnerability

Summary

Visual Studio Tools for Office Runtime Spoofing Vulnerability

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

CWE

CWE-20 - Improper Input Validation

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

9 products

Vendor	Product	Version
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)	Affected: 15.9.0 , < 15.9.56 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.2	Affected: 17.2.0 , < 17.2.18 (custom)
Microsoft	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)	Affected: 16.11.0 , < 16.11.29 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.4	Affected: 17.4.0 , < 17.4.10 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.6	Affected: 17.6.0 , < 17.6.6 (custom)
Microsoft	Visual Studio 2010 Tools for Office Runtime	Affected: 10.0.0 , < 10.0.60910 (custom)

Date Public

2023-08-08 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:01:09.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Tools for Office Runtime Spoofing Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36897",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T18:55:48.486878Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T18:58:02.478Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.56",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.18",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.29",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.10",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.6",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Visual Studio 2010 Tools for Office Runtime",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.60910",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "15.9.56",
                  "versionStartIncluding": "15.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.2.18",
                  "versionStartIncluding": "17.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.11.29",
                  "versionStartIncluding": "16.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.4.10",
                  "versionStartIncluding": "17.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.6.6",
                  "versionStartIncluding": "17.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2010_tools_for_office_runtime:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.60910",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Tools for Office Runtime Spoofing Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:59:12.128Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Tools for Office Runtime Spoofing Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897"
        }
      ],
      "title": "Visual Studio Tools for Office Runtime Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-36897",
    "datePublished": "2023-08-08T17:08:53.174Z",
    "dateReserved": "2023-06-27T20:28:49.988Z",
    "dateUpdated": "2025-01-01T01:59:12.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-36897",
      "date": "2026-05-27",
      "epss": "0.00171",
      "percentile": "0.38019"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*\", \"matchCriteriaId\": \"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*\", \"matchCriteriaId\": \"CD25F492-9272-4836-832C-8439EBE64CCF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"CF5DDD09-902E-4881-98D0-CB896333B4AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"26A3B226-5D7C-4556-9350-5222DC8EFC2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x64:*\", \"matchCriteriaId\": \"1AC0C23F-FC55-4DA1-8527-EB4432038FB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x86:*\", \"matchCriteriaId\": \"A719B461-7869-46D0-9300-D0A348DC26A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2010_tools_for_office_runtime:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D162C421-065E-4A00-B5D0-FB3434A6A12D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0\", \"versionEndExcluding\": \"15.9.56\", \"matchCriteriaId\": \"0979AC6C-A38A-4B79-9196-D721D066E64B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.0\", \"versionEndExcluding\": \"16.11.29\", \"matchCriteriaId\": \"45EE88D6-0DF3-419E-B434-9039DE073B1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*\", \"versionStartIncluding\": \"17.2.0\", \"versionEndExcluding\": \"17.2.18\", \"matchCriteriaId\": \"E3B42567-B3FF-4101-A639-C2883F567CF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*\", \"versionStartIncluding\": \"17.4.0\", \"versionEndExcluding\": \"17.4.10\", \"matchCriteriaId\": \"4759CA52-CEA4-40C8-B1EF-F161DCFF0E78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.6.0\", \"versionEndExcluding\": \"17.6.6\", \"matchCriteriaId\": \"FB465155-CEDD-48E5-8B58-AF49B8FAF504\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Visual Studio Tools for Office Runtime Spoofing Vulnerability\"}]",
      "id": "CVE-2023-36897",
      "lastModified": "2024-11-21T08:10:52.130",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
      "published": "2023-08-08T18:15:15.913",
      "references": "[{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-36897\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2023-08-08T18:15:15.913\",\"lastModified\":\"2026-05-19T18:38:59.530\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Visual Studio Tools for Office Runtime Spoofing Vulnerability\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*\",\"matchCriteriaId\":\"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*\",\"matchCriteriaId\":\"CD25F492-9272-4836-832C-8439EBE64CCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"CF5DDD09-902E-4881-98D0-CB896333B4AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"26A3B226-5D7C-4556-9350-5222DC8EFC2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"75F7306B-D1DA-48C2-AF87-4480E161D794\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"BA9BCD55-F71E-4920-B906-A1386843776A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2010_tools_for_office_runtime:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D162C421-065E-4A00-B5D0-FB3434A6A12D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0\",\"versionEndExcluding\":\"15.9.56\",\"matchCriteriaId\":\"0979AC6C-A38A-4B79-9196-D721D066E64B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndExcluding\":\"16.11.29\",\"matchCriteriaId\":\"45EE88D6-0DF3-419E-B434-9039DE073B1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*\",\"versionStartIncluding\":\"17.2.0\",\"versionEndExcluding\":\"17.2.18\",\"matchCriteriaId\":\"E3B42567-B3FF-4101-A639-C2883F567CF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*\",\"versionStartIncluding\":\"17.4.0\",\"versionEndExcluding\":\"17.4.10\",\"matchCriteriaId\":\"4759CA52-CEA4-40C8-B1EF-F161DCFF0E78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.6.0\",\"versionEndExcluding\":\"17.6.6\",\"matchCriteriaId\":\"FB465155-CEDD-48E5-8B58-AF49B8FAF504\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897\", \"name\": \"Visual Studio Tools for Office Runtime Spoofing Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T17:01:09.643Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-36897\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-11T18:55:48.486878Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T18:57:58.411Z\"}}], \"cna\": {\"title\": \"Visual Studio Tools for Office Runtime Spoofing Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Office 2019\", \"versions\": [{\"status\": \"affected\", \"version\": \"19.0.0\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft 365 Apps for Enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Office LTSC 2021\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\", \"32-bit Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.9.0\", \"lessThan\": \"15.9.56\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.2\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.2.0\", \"lessThan\": \"17.2.18\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.11.0\", \"lessThan\": \"16.11.29\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.4\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.4.0\", \"lessThan\": \"17.4.10\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.6\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.6.0\", \"lessThan\": \"17.6.6\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:visual_studio_2010_tools_for_office_runtime:-:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Visual Studio 2010 Tools for Office Runtime\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.60910\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}], \"datePublic\": \"2023-08-08T07:00:00+00:00\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897\", \"name\": \"Visual Studio Tools for Office Runtime Spoofing Vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Visual Studio Tools for Office Runtime Spoofing Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2024-05-29T01:33:03.908Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-36897\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-11T18:58:02.478Z\", \"dateReserved\": \"2023-06-27T20:28:49.988Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2023-08-08T17:08:53.174Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-AVI-0645

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer un déni de service, une élévation de privilèges, une usurpation d'identité, une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 13
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft	N/A	Microsoft SharePoint Enterprise Server 2016
Microsoft	N/A	Microsoft ODBC Driver 17 pour SQL Server sur Linux
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.2
Microsoft	N/A	Microsoft Teams pour Android
Microsoft	N/A	Microsoft ODBC Driver 18 pour SQL Server sur Linux
Microsoft	N/A	Microsoft SQL Server 2022 pour systèmes x64 (CU 5)
Microsoft	N/A	Microsoft OLE DB Driver 19 pour SQL Server
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.6
Microsoft	N/A	Microsoft Teams pour iOS
Microsoft	N/A	HEVC Video Extensions
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft	N/A	Microsoft SQL Server 2019 pour systèmes x64 (CU 21)
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft	Office	Microsoft Visual Studio 2010 Tools pour Office Runtime
Microsoft	N/A	HEVC Video Extension
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.4
Microsoft	N/A	Microsoft SharePoint Server Subscription Edition
Microsoft	N/A	Microsoft Dynamics 365 Business Central 2023 Release Wave 1
Microsoft	N/A	Microsoft ODBC Driver 17 pour SQL Server sur MacOS
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft	N/A	Microsoft Teams pour Desktop
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft	N/A	Microsoft OLE DB Driver 18 pour SQL Server
Microsoft	N/A	Microsoft Teams pour Mac
Microsoft	N/A	Microsoft SharePoint Server 2019
Microsoft	N/A	Microsoft ODBC Driver 18 pour SQL Server sur MacOS

References

Title

Publication Time

CERTFR-2023-AVI-0645

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 13
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft	N/A	Microsoft SharePoint Enterprise Server 2016
Microsoft	N/A	Microsoft ODBC Driver 17 pour SQL Server sur Linux
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.2
Microsoft	N/A	Microsoft Teams pour Android
Microsoft	N/A	Microsoft ODBC Driver 18 pour SQL Server sur Linux
Microsoft	N/A	Microsoft SQL Server 2022 pour systèmes x64 (CU 5)
Microsoft	N/A	Microsoft OLE DB Driver 19 pour SQL Server
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.6
Microsoft	N/A	Microsoft Teams pour iOS
Microsoft	N/A	HEVC Video Extensions
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft	N/A	Microsoft SQL Server 2019 pour systèmes x64 (CU 21)
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft	Office	Microsoft Visual Studio 2010 Tools pour Office Runtime
Microsoft	N/A	HEVC Video Extension
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.4
Microsoft	N/A	Microsoft SharePoint Server Subscription Edition
Microsoft	N/A	Microsoft Dynamics 365 Business Central 2023 Release Wave 1
Microsoft	N/A	Microsoft ODBC Driver 17 pour SQL Server sur MacOS
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft	N/A	Microsoft Teams pour Desktop
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft	N/A	Microsoft OLE DB Driver 18 pour SQL Server
Microsoft	N/A	Microsoft Teams pour Mac
Microsoft	N/A	Microsoft SharePoint Server 2019
Microsoft	N/A	Microsoft ODBC Driver 18 pour SQL Server sur MacOS

References

Title

Publication Time

BDU:2023-06151

Vulnerability from fstec - Published: 08.08.2023

Title

Уязвимость пакета программ Microsoft Office, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю проводить спуфинг-атаки

Description

Уязвимость пакета программ Microsoft Office связана с ошибками представления информации пользовательским интерфейсом. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, проводить спуфинг-атаки

Severity


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Vendor

Microsoft Corp

Software Name

Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Visual Studio 2022, Microsoft Office LTSC 2021, Microsoft Visual Studio 2010 Tools for Office Runtime, Microsoft Visual Studio 2017, Microsoft Visual Studio 2019

Software Version

- (Microsoft Office 2019), - (Microsoft 365 Apps for Enterprise), 17.2 (Microsoft Visual Studio 2022), 17.4 (Microsoft Visual Studio 2022), 17.6 (Microsoft Visual Studio 2022), - (Microsoft Office LTSC 2021), - (Microsoft Visual Studio 2010 Tools for Office Runtime), от 15.0 до 15.8 включительно (Microsoft Visual Studio 2017), от 16.0 до 16.10 включительно (Microsoft Visual Studio 2019)

Possible Mitigations

Использование рекомендаций: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36897

Reference

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36897 https://learn.microsoft.com/en-us/visualstudio/vsto/visual-studio-tools-for-office-runtime-overview?view=vs-2022 https://www.cybersecurity-help.cz/vdb/SB2023080883

CWE

CWE-451

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO699, TO708",
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO699 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Visual Studio 2017 15.9.57, TO708 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Visual Studio 2019 16.11.30",
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Microsoft Office 2019), - (Microsoft 365 Apps for Enterprise), 17.2 (Microsoft Visual Studio 2022), 17.4 (Microsoft Visual Studio 2022), 17.6 (Microsoft Visual Studio 2022), - (Microsoft Office LTSC 2021), - (Microsoft Visual Studio 2010 Tools for Office Runtime), \u043e\u0442 15.0 \u0434\u043e 15.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Microsoft Visual Studio 2017), \u043e\u0442 16.0 \u0434\u043e 16.10 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Microsoft Visual Studio 2019)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36897",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "08.08.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "29.09.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "29.09.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-06151",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-36897",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Visual Studio 2022, Microsoft Office LTSC 2021, Microsoft Visual Studio 2010 Tools for Office Runtime, Microsoft Visual Studio 2017, Microsoft Visual Studio 2019",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0430\u043a\u0435\u0442\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c Microsoft Office, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433-\u0430\u0442\u0430\u043a\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "UI \u041b\u043e\u0436\u043d\u043e\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u043c. (CWE-451)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0430\u043a\u0435\u0442\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c Microsoft Office \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433-\u0430\u0442\u0430\u043a\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36897\nhttps://learn.microsoft.com/en-us/visualstudio/vsto/visual-studio-tools-for-office-runtime-overview?view=vs-2022\nhttps://www.cybersecurity-help.cz/vdb/SB2023080883",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-451",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,4)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,1)"
}

FKIE_CVE-2023-36897

Vulnerability from fkie_nvd - Published: 2023-08-08 18:15 - Updated: 2026-05-19 18:38

Severity

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

Visual Studio Tools for Office Runtime Spoofing Vulnerability

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	365_apps	-
microsoft	365_apps	-
microsoft	office	2019
microsoft	office	2019
microsoft	office_long_term_servicing_channel	2021
microsoft	office_long_term_servicing_channel	2021
microsoft	visual_studio_2010_tools_for_office_runtime	-
microsoft	visual_studio_2017	*
microsoft	visual_studio_2019	*
microsoft	visual_studio_2022	*
microsoft	visual_studio_2022	*
microsoft	visual_studio_2022	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*",
              "matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*",
              "matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*",
              "matchCriteriaId": "CF5DDD09-902E-4881-98D0-CB896333B4AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*",
              "matchCriteriaId": "26A3B226-5D7C-4556-9350-5222DC8EFC2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*",
              "matchCriteriaId": "75F7306B-D1DA-48C2-AF87-4480E161D794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*",
              "matchCriteriaId": "BA9BCD55-F71E-4920-B906-A1386843776A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2010_tools_for_office_runtime:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D162C421-065E-4A00-B5D0-FB3434A6A12D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0979AC6C-A38A-4B79-9196-D721D066E64B",
              "versionEndExcluding": "15.9.56",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45EE88D6-0DF3-419E-B434-9039DE073B1A",
              "versionEndExcluding": "16.11.29",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*",
              "matchCriteriaId": "E3B42567-B3FF-4101-A639-C2883F567CF2",
              "versionEndExcluding": "17.2.18",
              "versionStartIncluding": "17.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*",
              "matchCriteriaId": "4759CA52-CEA4-40C8-B1EF-F161DCFF0E78",
              "versionEndExcluding": "17.4.10",
              "versionStartIncluding": "17.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB465155-CEDD-48E5-8B58-AF49B8FAF504",
              "versionEndExcluding": "17.6.6",
              "versionStartIncluding": "17.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Visual Studio Tools for Office Runtime Spoofing Vulnerability"
    }
  ],
  "id": "CVE-2023-36897",
  "lastModified": "2026-05-19T18:38:59.530",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-08T18:15:15.913",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-8W7Q-CFXQ-V32G

Vulnerability from github – Published: 2023-08-08 18:30 – Updated: 2024-04-04 06:42

Details

Visual Studio Tools for Office Runtime Spoofing Vulnerability

Severity

8.1 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-36897"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-08T18:15:15Z",
    "severity": "MODERATE"
  },
  "details": "Visual Studio Tools for Office Runtime Spoofing Vulnerability",
  "id": "GHSA-8w7q-cfxq-v32g",
  "modified": "2024-04-04T06:42:20Z",
  "published": "2023-08-08T18:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36897"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-36897

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Visual Studio Tools for Office Runtime Spoofing Vulnerability

Aliases

CVE-2023-36897

Aliases

CVE-2023-36897

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-36897",
    "id": "GSD-2023-36897"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-36897"
      ],
      "details": "Visual Studio Tools for Office Runtime Spoofing Vulnerability",
      "id": "GSD-2023-36897",
      "modified": "2023-12-13T01:20:34.250864Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2023-36897",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Office 2019",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "19.0.0",
                          "version_value": "https://aka.ms/OfficeSecurityReleases"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft 365 Apps for Enterprise",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.0.1",
                          "version_value": "https://aka.ms/OfficeSecurityReleases"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Office LTSC 2021",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.0.1",
                          "version_value": "https://aka.ms/OfficeSecurityReleases"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.9.0",
                          "version_value": "15.9.56"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Visual Studio 2022 version 17.2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "17.2.0",
                          "version_value": "17.2.18"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.11.0",
                          "version_value": "16.11.29"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Visual Studio 2022 version 17.4",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "17.4.0",
                          "version_value": "17.4.10"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Visual Studio 2022 version 17.6",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "17.6.0",
                          "version_value": "17.6.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Visual Studio 2010 Tools for Office Runtime",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "10.0.60910"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Visual Studio Tools for Office Runtime Spoofing Vulnerability"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Spoofing"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897",
            "refsource": "MISC",
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x86:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*",
                "cpe_name": [],
                "versionEndExcluding": "17.4.10",
                "versionStartIncluding": "17.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*",
                "cpe_name": [],
                "versionEndExcluding": "17.2.18",
                "versionStartIncluding": "17.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "17.6.6",
                "versionStartIncluding": "17.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.9.56",
                "versionStartIncluding": "15.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "16.11.29",
                "versionStartIncluding": "16.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2010_tools_for_office_runtime:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2023-36897"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Visual Studio Tools for Office Runtime Spoofing Vulnerability"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-08-10T20:52Z",
      "publishedDate": "2023-08-08T18:15Z"
    }
  }
}

MSRC_CVE-2023-36897

Vulnerability from csaf_microsoft - Published: 2023-08-08 07:00 - Updated: 2023-08-15 07:00

Summary

Visual Studio Tools for Office Runtime Spoofing Vulnerability

Severity

Important

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.

CVE-2023-36897

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Fixed 12 products

Product	Identifier	Version	Remediation
Microsoft Office 2019 for 32-bit editions https://aka.ms/OfficeSecurityReleases Microsoft Office 2019 for 32-bit editions		https://aka.ms/OfficeSecurityReleases
Microsoft Office 2019 for 64-bit editions https://aka.ms/OfficeSecurityReleases Microsoft Office 2019 for 64-bit editions		https://aka.ms/OfficeSecurityReleases
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) 15.9.56 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)		15.9.56
Microsoft 365 Apps for Enterprise for 32-bit Systems https://aka.ms/OfficeSecurityReleases Microsoft 365 Apps for Enterprise for 32-bit Systems		https://aka.ms/OfficeSecurityReleases
Microsoft 365 Apps for Enterprise for 64-bit Systems https://aka.ms/OfficeSecurityReleases Microsoft 365 Apps for Enterprise for 64-bit Systems		https://aka.ms/OfficeSecurityReleases
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) 16.11.29 Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)		16.11.29
Microsoft Office LTSC 2021 for 64-bit editions https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2021 for 64-bit editions		https://aka.ms/OfficeSecurityReleases
Microsoft Office LTSC 2021 for 32-bit editions https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2021 for 32-bit editions		https://aka.ms/OfficeSecurityReleases
Microsoft Visual Studio 2022 version 17.2 17.2.18 Microsoft Visual Studio 2022 version 17.2		17.2.18
Microsoft Visual Studio 2022 version 17.4 17.4.10 Microsoft Visual Studio 2022 version 17.4		17.4.10
Microsoft Visual Studio 2022 version 17.6 17.6.6 Microsoft Visual Studio 2022 version 17.6		17.6.6
Visual Studio 2010 Tools for Office Runtime 10.0.60910 Visual Studio 2010 Tools for Office Runtime		10.0.60910

Known affected 12 products

Product	Version	Remediation
Visual Studio 2010 Tools for Office Runtime <10.0.60910 Visual Studio 2010 Tools for Office Runtime	<10.0.60910	Vendor Fix fix
Microsoft Visual Studio 2022 version 17.6 <17.6.6 Microsoft Visual Studio 2022 version 17.6	<17.6.6	Vendor Fix fix
Microsoft Visual Studio 2022 version 17.4 <17.4.10 Microsoft Visual Studio 2022 version 17.4	<17.4.10	Vendor Fix fix
Microsoft Visual Studio 2022 version 17.2 <17.2.18 Microsoft Visual Studio 2022 version 17.2	<17.2.18	Vendor Fix fix
Microsoft Office LTSC 2021 for 32-bit editions <https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2021 for 32-bit editions	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft Office LTSC 2021 for 64-bit editions <https://aka.ms/OfficeSecurityReleases Microsoft Office LTSC 2021 for 64-bit editions	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) <16.11.29 Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)	<16.11.29	Vendor Fix fix
Microsoft 365 Apps for Enterprise for 64-bit Systems <https://aka.ms/OfficeSecurityReleases Microsoft 365 Apps for Enterprise for 64-bit Systems	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft 365 Apps for Enterprise for 32-bit Systems <https://aka.ms/OfficeSecurityReleases Microsoft 365 Apps for Enterprise for 32-bit Systems	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) <15.9.56 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)	<15.9.56	Vendor Fix fix
Microsoft Office 2019 for 64-bit editions <https://aka.ms/OfficeSecurityReleases Microsoft Office 2019 for 64-bit editions	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix
Microsoft Office 2019 for 32-bit editions <https://aka.ms/OfficeSecurityReleases Microsoft Office 2019 for 32-bit editions	<https://aka.ms/OfficeSecurityReleases	Vendor Fix fix

Threats

Impact Spoofing

Exploit Status Exploited:No;Latest Software Release:Exploitation Less Likely

References

7 references

URL	Category
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/2023/msrc_cve-202…	self
https://www.microsoft.com/en-us/msrc/exploitabili…	external
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/update-guide/vulnerabi…	self

Acknowledgments

Bill Demirkapi with Microsoft

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Bill Demirkapi with Microsoft"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2023-36897 Visual Studio Tools for Office Runtime Spoofing Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897"
      },
      {
        "category": "self",
        "summary": "CVE-2023-36897 Visual Studio Tools for Office Runtime Spoofing Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/2023/msrc_cve-2023-36897.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Visual Studio Tools for Office Runtime Spoofing Vulnerability",
    "tracking": {
      "current_release_date": "2023-08-15T07:00:00.000Z",
      "generator": {
        "date": "2025-01-01T01:58:31.446Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2023-36897",
      "initial_release_date": "2023-08-08T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-08-08T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2023-08-15T07:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "In the Security Updates table, added the Download link for Visual Studio 2010 Tools for Office Runtime."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 32-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "12"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 32-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11573"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office 2019 for 32-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 64-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "11"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 64-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11574"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office 2019 for 64-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "9"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems https://aka.ms/OfficeSecurityReleases",
              "product_id": "11762"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "8"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems https://aka.ms/OfficeSecurityReleases",
              "product_id": "11763"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 64-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "6"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 64-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11952"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC 2021 for 64-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 32-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "5"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 32-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11953"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC 2021 for 32-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c15.9.56",
            "product": {
              "name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) \u003c15.9.56",
              "product_id": "10"
            }
          },
          {
            "category": "product_version",
            "name": "15.9.56",
            "product": {
              "name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) 15.9.56",
              "product_id": "11600"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c17.2.18",
            "product": {
              "name": "Microsoft Visual Studio 2022 version 17.2 \u003c17.2.18",
              "product_id": "4"
            }
          },
          {
            "category": "product_version",
            "name": "17.2.18",
            "product": {
              "name": "Microsoft Visual Studio 2022 version 17.2 17.2.18",
              "product_id": "12051"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Visual Studio 2022 version 17.2"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.11.29",
            "product": {
              "name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) \u003c16.11.29",
              "product_id": "7"
            }
          },
          {
            "category": "product_version",
            "name": "16.11.29",
            "product": {
              "name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) 16.11.29",
              "product_id": "11935"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c17.4.10",
            "product": {
              "name": "Microsoft Visual Studio 2022 version 17.4 \u003c17.4.10",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "17.4.10",
            "product": {
              "name": "Microsoft Visual Studio 2022 version 17.4 17.4.10",
              "product_id": "12129"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Visual Studio 2022 version 17.4"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c17.6.6",
            "product": {
              "name": "Microsoft Visual Studio 2022 version 17.6 \u003c17.6.6",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "17.6.6",
            "product": {
              "name": "Microsoft Visual Studio 2022 version 17.6 17.6.6",
              "product_id": "12187"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Visual Studio 2022 version 17.6"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.60910",
            "product": {
              "name": "Visual Studio 2010 Tools for Office Runtime \u003c10.0.60910",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.60910",
            "product": {
              "name": "Visual Studio 2010 Tools for Office Runtime 10.0.60910",
              "product_id": "12215"
            }
          }
        ],
        "category": "product_name",
        "name": "Visual Studio 2010 Tools for Office Runtime"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-36897",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "The user would have to click on install to be compromised by the attacker.",
          "title": "According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?"
        },
        {
          "category": "faq",
          "text": "An unauthenticated attacker could bypass validation as a trusted source through a crafted certificate that could mislead a user to believing the file they are installing is legitimate.",
          "title": "How could an attacker exploit this vulnerability?"
        }
      ],
      "product_status": {
        "fixed": [
          "11573",
          "11574",
          "11600",
          "11762",
          "11763",
          "11935",
          "11952",
          "11953",
          "12051",
          "12129",
          "12187",
          "12215"
        ],
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-36897 Visual Studio Tools for Office Runtime Spoofing Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897"
        },
        {
          "category": "self",
          "summary": "CVE-2023-36897 Visual Studio Tools for Office Runtime Spoofing Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-08-08T07:00:00.000Z",
          "details": "https://aka.ms/OfficeSecurityReleases:Security Update:https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates",
          "product_ids": [
            "12",
            "11",
            "9",
            "8",
            "6",
            "5"
          ],
          "url": "https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates"
        },
        {
          "category": "vendor_fix",
          "date": "2023-08-08T07:00:00.000Z",
          "details": "15.9.56:Security Update:https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes",
          "product_ids": [
            "10"
          ],
          "url": "https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes"
        },
        {
          "category": "vendor_fix",
          "date": "2023-08-08T07:00:00.000Z",
          "details": "17.2.18:Security Update:https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes",
          "product_ids": [
            "4"
          ],
          "url": "https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes"
        },
        {
          "category": "vendor_fix",
          "date": "2023-08-08T07:00:00.000Z",
          "details": "16.11.29:Security Update:https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11",
          "product_ids": [
            "7"
          ],
          "url": "https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11"
        },
        {
          "category": "vendor_fix",
          "date": "2023-08-08T07:00:00.000Z",
          "details": "17.4.10:Security Update:https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes",
          "product_ids": [
            "3"
          ],
          "url": "https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes"
        },
        {
          "category": "vendor_fix",
          "date": "2023-08-08T07:00:00.000Z",
          "details": "17.6.6:Security Update:https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes",
          "product_ids": [
            "2"
          ],
          "url": "https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes"
        },
        {
          "category": "vendor_fix",
          "date": "2023-08-08T07:00:00.000Z",
          "details": "10.0.60910:Security Update:https://support.microsoft.com/help/5029497",
          "product_ids": [
            "1"
          ],
          "url": "https://support.microsoft.com/help/5029497"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.3,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Spoofing"
        },
        {
          "category": "exploit_status",
          "details": "Exploited:No;Latest Software Release:Exploitation Less Likely"
        }
      ],
      "title": "Visual Studio Tools for Office Runtime Spoofing Vulnerability"
    }
  ]
}

WID-SEC-W-2023-1999

Vulnerability from csaf_certbund - Published: 2023-08-08 22:00 - Updated: 2023-08-08 22:00

Summary

Microsoft Office: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Die Microsoft Office Suite beinhaltet zahlreiche Büroanwendungen. Microsoft Office Online Server ist ein Serverprodukt, das browserbasierte Versionen von Word, PowerPoint, Excel und OneNote bereitstellt. Microsoft Sharepoint ist ein Portalsystem für die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u. a. über Webseiten zur Verfügung gestellt. Microsoft Teams ist ein Kollaborations-, Kommunikations- und Videokonferenz-Tool. Microsoft Visio ist eine Visualisierungs-Software zur Darstellung von Flußdiagrammen, Netzplänen oder Organisationsdiagrammen. Microsoft Visio ist eigenständiger Bestandteil des Microsoft-Office-Systems.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in verschiedenen Microsoft Office Produkten ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder Dateien zu manipulieren.

Betroffene Betriebssysteme: - Windows

CVE-2023-36897

In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft veröffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-36896

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-36895

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-36894

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-36893

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-36892

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-36891

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-36890

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-36866

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-36865

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-35372

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-35371

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-29330

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-29328

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://msrc.microsoft.com/update-guide	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Microsoft Office Suite beinhaltet zahlreiche B\u00fcroanwendungen.\r\nMicrosoft Office Online Server ist ein Serverprodukt, das browserbasierte Versionen von Word, PowerPoint, Excel und OneNote bereitstellt. \r\nMicrosoft Sharepoint ist ein Portalsystem f\u00fcr die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u. a. \u00fcber Webseiten zur Verf\u00fcgung gestellt.\r\nMicrosoft Teams ist ein Kollaborations-, Kommunikations- und Videokonferenz-Tool.\r\nMicrosoft Visio ist eine Visualisierungs-Software zur Darstellung von Flu\u00dfdiagrammen, Netzpl\u00e4nen oder Organisationsdiagrammen. Microsoft Visio ist eigenst\u00e4ndiger Bestandteil des Microsoft-Office-Systems.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in verschiedenen Microsoft Office Produkten ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1999 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1999.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1999 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1999"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2023-08-08",
        "url": "https://msrc.microsoft.com/update-guide"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft Office: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-08-08T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:56:44.612+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1999",
      "initial_release_date": "2023-08-08T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-08-08T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Microsoft 365 Apps",
            "product": {
              "name": "Microsoft 365 Apps",
              "product_id": "T029142",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:365_apps:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Excel 2013 SP1",
                "product": {
                  "name": "Microsoft Excel 2013 SP1",
                  "product_id": "T012236",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:excel:2013_sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Excel 2013 RT SP1",
                "product": {
                  "name": "Microsoft Excel 2013 RT SP1",
                  "product_id": "T012632",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:excel:2013_rt_sp1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Excel"
          },
          {
            "category": "product_name",
            "name": "Microsoft Excel 2016",
            "product": {
              "name": "Microsoft Excel 2016",
              "product_id": "T013928",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:excel_2016:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Office 2013 SP1",
                "product": {
                  "name": "Microsoft Office 2013 SP1",
                  "product_id": "T011817",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:2013_sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Office LTSC for Mac 2021",
                "product": {
                  "name": "Microsoft Office LTSC for Mac 2021",
                  "product_id": "T020985",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_for_mac_2021"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Office LTSC 2021",
                "product": {
                  "name": "Microsoft Office LTSC 2021",
                  "product_id": "T020986",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_2021"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Office"
          },
          {
            "category": "product_name",
            "name": "Microsoft Office 2013 RT SP1",
            "product": {
              "name": "Microsoft Office 2013 RT SP1",
              "product_id": "T014527",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_2013_rt:sp1"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Office 2016",
            "product": {
              "name": "Microsoft Office 2016",
              "product_id": "T013923",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_2016:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Office 2019",
            "product": {
              "name": "Microsoft Office 2019",
              "product_id": "T014534",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_2019:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Office 2019 for Mac",
            "product": {
              "name": "Microsoft Office 2019 for Mac",
              "product_id": "T014533",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_2019_for_mac:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Office Online Server",
            "product": {
              "name": "Microsoft Office Online Server",
              "product_id": "921247",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_online_server:2016"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Outlook 2013 RT SP1",
                "product": {
                  "name": "Microsoft Outlook 2013 RT SP1",
                  "product_id": "T010466",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:outlook:2013_rt_sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Outlook 2013 SP1",
                "product": {
                  "name": "Microsoft Outlook 2013 SP1",
                  "product_id": "T010467",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:outlook:2013_sp1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Outlook"
          },
          {
            "category": "product_name",
            "name": "Microsoft Outlook 2016",
            "product": {
              "name": "Microsoft Outlook 2016",
              "product_id": "T022027",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:outlook_2016:for_mac"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft PowerPoint 2013 RT SP1",
                "product": {
                  "name": "Microsoft PowerPoint 2013 RT SP1",
                  "product_id": "T006380",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:powerpoint:2013_rt_sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft PowerPoint 2013 SP1",
                "product": {
                  "name": "Microsoft PowerPoint 2013 SP1",
                  "product_id": "T012871",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:powerpoint:2013_sp1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PowerPoint"
          },
          {
            "category": "product_name",
            "name": "Microsoft PowerPoint 2016",
            "product": {
              "name": "Microsoft PowerPoint 2016",
              "product_id": "T015483",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:powerpoint_2016:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Project 2016",
            "product": {
              "name": "Microsoft Project 2016",
              "product_id": "T014973",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:project_2016:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Publisher 2016",
            "product": {
              "name": "Microsoft Publisher 2016",
              "product_id": "T016268",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:publisher_2016:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft SharePoint Enterprise Server 2016",
                "product": {
                  "name": "Microsoft SharePoint Enterprise Server 2016",
                  "product_id": "T018556",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:sharepoint:enterprise_server_2016"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft SharePoint Server Subscription Edition",
                "product": {
                  "name": "Microsoft SharePoint Server Subscription Edition",
                  "product_id": "T021526",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:sharepoint:server_subscription_edition"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SharePoint"
          },
          {
            "category": "product_name",
            "name": "Microsoft SharePoint Server 2019",
            "product": {
              "name": "Microsoft SharePoint Server 2019",
              "product_id": "T014523",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:sharepoint_server_2019:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Teams for Android",
                "product": {
                  "name": "Microsoft Teams for Android",
                  "product_id": "T022029",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:teams:for_android"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Teams for iOS",
                "product": {
                  "name": "Microsoft Teams for iOS",
                  "product_id": "T022030",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:teams:for_ios"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Teams for Desktop",
                "product": {
                  "name": "Microsoft Teams for Desktop",
                  "product_id": "T029139",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:teams:for_desktop"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Teams for Mac",
                "product": {
                  "name": "Microsoft Teams for Mac",
                  "product_id": "T029140",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:teams:for_mac"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Teams"
          },
          {
            "category": "product_name",
            "name": "Microsoft Visio 2013 SP1",
            "product": {
              "name": "Microsoft Visio 2013 SP1",
              "product_id": "T029141",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:visio:2013_sp1"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Visio 2016",
            "product": {
              "name": "Microsoft Visio 2016",
              "product_id": "T016271",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:visio_2016:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Word 2013 RT SP1",
                "product": {
                  "name": "Microsoft Word 2013 RT SP1",
                  "product_id": "T006399",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:word:2013_rt_sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Word 2013 SP1",
                "product": {
                  "name": "Microsoft Word 2013 SP1",
                  "product_id": "T011714",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:word:2013_sp1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Word"
          },
          {
            "category": "product_name",
            "name": "Microsoft Word 2016",
            "product": {
              "name": "Microsoft Word 2016",
              "product_id": "T015487",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:word_2016:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-36897",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36897"
    },
    {
      "cve": "CVE-2023-36896",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36896"
    },
    {
      "cve": "CVE-2023-36895",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36895"
    },
    {
      "cve": "CVE-2023-36894",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36894"
    },
    {
      "cve": "CVE-2023-36893",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36893"
    },
    {
      "cve": "CVE-2023-36892",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36892"
    },
    {
      "cve": "CVE-2023-36891",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36891"
    },
    {
      "cve": "CVE-2023-36890",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36890"
    },
    {
      "cve": "CVE-2023-36866",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36866"
    },
    {
      "cve": "CVE-2023-36865",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36865"
    },
    {
      "cve": "CVE-2023-35372",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-35372"
    },
    {
      "cve": "CVE-2023-35371",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-35371"
    },
    {
      "cve": "CVE-2023-29330",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-29330"
    },
    {
      "cve": "CVE-2023-29328",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-29328"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-36897 (GCVE-0-2023-36897)

Solution

Solution

Tags

Sightings

Nomenclature