Vulnerability-Lookup

WID-SEC-W-2023-0391

Vulnerability from csaf_certbund - Published: 2023-02-14 23:00 - Updated: 2023-03-06 23:00

Summary

Microsoft Office Produkte: Mehrere Schwachstellen

Severity

Kritisch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Die Microsoft Office Suite beinhaltet zahlreiche Büroanwendungen wie Textverarbeitung, Tabellenkalkulation, Datenbank und weitere Applikationen. Microsoft Sharepoint ist ein Portalsystem für die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u. a. über Webseiten zur Verfügung gestellt.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in verschiedenen Microsoft Office und SharePoint Produkten ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, Sicherheitsmechanismen zu umgehen und Informationen offenzulegen.

Betroffene Betriebssysteme: - MacOS X - Windows - Android - iPhoneOS

CVE-2023-21714

In verschiedenen Microsoft Office und SharePoint Produkten existieren mehrere Schwachstellen. Ein Angreifer kann dadurch seine Privilegien auf SYSTEM Rechte ausweiten, beliebigen Code zur Ausführung bringen, Sicherheitsmechanismen umgehen und Informationen offenlegen. Für die Ausnutzung einiger Schwachstellen ist eine Benutzeraktion erforderlich.

Affected products

Known affected 19 products

Product	Identifier	Version
Microsoft SharePoint Foundation 2013 SP1 Microsoft	`cpe:/a:microsoft:sharepoint_foundation_2013:sp1`	—
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	—
Microsoft Office Web Apps Server 2013 SP1 Microsoft	`cpe:/a:microsoft:office_web_apps_server_2013:sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word 2013	`cpe:/a:microsoft:word_2013:sp_1`	—
Microsoft Word 2013 RT SP1 Microsoft / Word 2013	`cpe:/a:microsoft:word_2013:rt_sp_1`	—
Microsoft SharePoint Enterprise Server 2013 SP1 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2013_sp1`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Language Pack Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition_language_pack`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for iOS Microsoft / Office	`cpe:/a:microsoft:office:for_ios`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft OneNote for Android Microsoft	`cpe:/a:microsoft:onenote:for_android`	—

CVE-2023-21715

Affected products

Known affected 19 products

Product	Identifier	Version
Microsoft SharePoint Foundation 2013 SP1 Microsoft	`cpe:/a:microsoft:sharepoint_foundation_2013:sp1`	—
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	—
Microsoft Office Web Apps Server 2013 SP1 Microsoft	`cpe:/a:microsoft:office_web_apps_server_2013:sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word 2013	`cpe:/a:microsoft:word_2013:sp_1`	—
Microsoft Word 2013 RT SP1 Microsoft / Word 2013	`cpe:/a:microsoft:word_2013:rt_sp_1`	—
Microsoft SharePoint Enterprise Server 2013 SP1 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2013_sp1`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Language Pack Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition_language_pack`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for iOS Microsoft / Office	`cpe:/a:microsoft:office:for_ios`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft OneNote for Android Microsoft	`cpe:/a:microsoft:onenote:for_android`	—

CVE-2023-21716

Affected products

Known affected 19 products

Product	Identifier	Version
Microsoft SharePoint Foundation 2013 SP1 Microsoft	`cpe:/a:microsoft:sharepoint_foundation_2013:sp1`	—
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	—
Microsoft Office Web Apps Server 2013 SP1 Microsoft	`cpe:/a:microsoft:office_web_apps_server_2013:sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word 2013	`cpe:/a:microsoft:word_2013:sp_1`	—
Microsoft Word 2013 RT SP1 Microsoft / Word 2013	`cpe:/a:microsoft:word_2013:rt_sp_1`	—
Microsoft SharePoint Enterprise Server 2013 SP1 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2013_sp1`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Language Pack Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition_language_pack`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for iOS Microsoft / Office	`cpe:/a:microsoft:office:for_ios`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft OneNote for Android Microsoft	`cpe:/a:microsoft:onenote:for_android`	—

CVE-2023-21717

Affected products

Known affected 19 products

Product	Identifier	Version
Microsoft SharePoint Foundation 2013 SP1 Microsoft	`cpe:/a:microsoft:sharepoint_foundation_2013:sp1`	—
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	—
Microsoft Office Web Apps Server 2013 SP1 Microsoft	`cpe:/a:microsoft:office_web_apps_server_2013:sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word 2013	`cpe:/a:microsoft:word_2013:sp_1`	—
Microsoft Word 2013 RT SP1 Microsoft / Word 2013	`cpe:/a:microsoft:word_2013:rt_sp_1`	—
Microsoft SharePoint Enterprise Server 2013 SP1 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2013_sp1`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Language Pack Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition_language_pack`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for iOS Microsoft / Office	`cpe:/a:microsoft:office:for_ios`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft OneNote for Android Microsoft	`cpe:/a:microsoft:onenote:for_android`	—

CVE-2023-21721

Affected products

Known affected 19 products

Product	Identifier	Version
Microsoft SharePoint Foundation 2013 SP1 Microsoft	`cpe:/a:microsoft:sharepoint_foundation_2013:sp1`	—
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	—
Microsoft Office Web Apps Server 2013 SP1 Microsoft	`cpe:/a:microsoft:office_web_apps_server_2013:sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word 2013	`cpe:/a:microsoft:word_2013:sp_1`	—
Microsoft Word 2013 RT SP1 Microsoft / Word 2013	`cpe:/a:microsoft:word_2013:rt_sp_1`	—
Microsoft SharePoint Enterprise Server 2013 SP1 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2013_sp1`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Language Pack Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition_language_pack`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for iOS Microsoft / Office	`cpe:/a:microsoft:office:for_ios`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft OneNote for Android Microsoft	`cpe:/a:microsoft:onenote:for_android`	—

CVE-2023-21823

Affected products

Known affected 19 products

Product	Identifier	Version
Microsoft SharePoint Foundation 2013 SP1 Microsoft	`cpe:/a:microsoft:sharepoint_foundation_2013:sp1`	—
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	—
Microsoft Office Web Apps Server 2013 SP1 Microsoft	`cpe:/a:microsoft:office_web_apps_server_2013:sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word 2013	`cpe:/a:microsoft:word_2013:sp_1`	—
Microsoft Word 2013 RT SP1 Microsoft / Word 2013	`cpe:/a:microsoft:word_2013:rt_sp_1`	—
Microsoft SharePoint Enterprise Server 2013 SP1 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2013_sp1`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Language Pack Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition_language_pack`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for iOS Microsoft / Office	`cpe:/a:microsoft:office:for_ios`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft OneNote for Android Microsoft	`cpe:/a:microsoft:onenote:for_android`	—

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.helpnetsecurity.com/2023/03/06/cve-20…	external
https://msrc.microsoft.com/update-guide	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Microsoft Office Suite beinhaltet zahlreiche B\u00fcroanwendungen wie Textverarbeitung, Tabellenkalkulation, Datenbank und weitere Applikationen.\r\nMicrosoft Sharepoint ist ein Portalsystem f\u00fcr die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u. a. \u00fcber Webseiten zur Verf\u00fcgung gestellt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in verschiedenen Microsoft Office und SharePoint Produkten ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, Sicherheitsmechanismen zu umgehen und Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- MacOS X\n- Windows\n- Android\n- iPhoneOS",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0391 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0391.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0391 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0391"
      },
      {
        "category": "external",
        "summary": "PoC auf Helpnet Security vom 2023-02-14",
        "url": "https://www.helpnetsecurity.com/2023/03/06/cve-2023-21716-poc/"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2023-02-14",
        "url": "https://msrc.microsoft.com/update-guide"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft Office Produkte: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-03-06T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:43:47.760+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0391",
      "initial_release_date": "2023-02-14T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-02-14T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-03-06T23:00:00.000+00:00",
          "number": "2",
          "summary": "PoC aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Microsoft 365 Apps",
            "product": {
              "name": "Microsoft 365 Apps",
              "product_id": "T016910",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:365_apps:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Office LTSC for Mac 2021",
                "product": {
                  "name": "Microsoft Office LTSC for Mac 2021",
                  "product_id": "T020985",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_for_mac_2021"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Office LTSC 2021",
                "product": {
                  "name": "Microsoft Office LTSC 2021",
                  "product_id": "T020986",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_2021"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Office for Android",
                "product": {
                  "name": "Microsoft Office for Android",
                  "product_id": "T026296",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:for_android"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Office for Universal",
                "product": {
                  "name": "Microsoft Office for Universal",
                  "product_id": "T026297",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:for_universal"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Office for iOS",
                "product": {
                  "name": "Microsoft Office for iOS",
                  "product_id": "T026298",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:for_ios"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Office"
          },
          {
            "category": "product_name",
            "name": "Microsoft Office 2019 for Mac",
            "product": {
              "name": "Microsoft Office 2019 for Mac",
              "product_id": "T014533",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_2019_for_mac:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Office Online Server",
            "product": {
              "name": "Microsoft Office Online Server",
              "product_id": "921247",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_online_server:2016"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Office Web Apps Server 2013 SP1",
            "product": {
              "name": "Microsoft Office Web Apps Server 2013 SP1",
              "product_id": "T016915",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_web_apps_server_2013:sp1"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft OneNote for Android",
            "product": {
              "name": "Microsoft OneNote for Android",
              "product_id": "T026299",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:onenote:for_android"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft SharePoint Enterprise Server 2016",
                "product": {
                  "name": "Microsoft SharePoint Enterprise Server 2016",
                  "product_id": "T018556",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:sharepoint:enterprise_server_2016"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft SharePoint Enterprise Server 2013 SP1",
                "product": {
                  "name": "Microsoft SharePoint Enterprise Server 2013 SP1",
                  "product_id": "T020103",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:sharepoint:enterprise_server_2013_sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft SharePoint Server Subscription Edition",
                "product": {
                  "name": "Microsoft SharePoint Server Subscription Edition",
                  "product_id": "T021526",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:sharepoint:server_subscription_edition"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft SharePoint Server Subscription Edition Language Pack",
                "product": {
                  "name": "Microsoft SharePoint Server Subscription Edition Language Pack",
                  "product_id": "T021527",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:sharepoint:server_subscription_edition_language_pack"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SharePoint"
          },
          {
            "category": "product_name",
            "name": "Microsoft SharePoint Foundation 2013 SP1",
            "product": {
              "name": "Microsoft SharePoint Foundation 2013 SP1",
              "product_id": "T014519",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:sharepoint_foundation_2013:sp1"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft SharePoint Server 2019",
            "product": {
              "name": "Microsoft SharePoint Server 2019",
              "product_id": "T014523",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:sharepoint_server_2019:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Word 2013 RT SP1",
                "product": {
                  "name": "Microsoft Word 2013 RT SP1",
                  "product_id": "T015485",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:word_2013:rt_sp_1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Word 2013 SP1",
                "product": {
                  "name": "Microsoft Word 2013 SP1",
                  "product_id": "T015486",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:word_2013:sp_1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Word 2013"
          },
          {
            "category": "product_name",
            "name": "Microsoft Word 2016",
            "product": {
              "name": "Microsoft Word 2016",
              "product_id": "T015487",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:word_2016:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-21714",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office und SharePoint Produkten existieren mehrere Schwachstellen. Ein Angreifer kann dadurch seine Privilegien auf SYSTEM Rechte ausweiten, beliebigen Code zur Ausf\u00fchrung bringen, Sicherheitsmechanismen umgehen und Informationen offenlegen. F\u00fcr die Ausnutzung einiger Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014519",
          "T026296",
          "T016915",
          "921247",
          "T014533",
          "T016910",
          "T014523",
          "T015487",
          "T015486",
          "T015485",
          "T020103",
          "T018556",
          "T021527",
          "T021526",
          "T020986",
          "T020985",
          "T026298",
          "T026297",
          "T026299"
        ]
      },
      "release_date": "2023-02-14T23:00:00.000+00:00",
      "title": "CVE-2023-21714"
    },
    {
      "cve": "CVE-2023-21715",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office und SharePoint Produkten existieren mehrere Schwachstellen. Ein Angreifer kann dadurch seine Privilegien auf SYSTEM Rechte ausweiten, beliebigen Code zur Ausf\u00fchrung bringen, Sicherheitsmechanismen umgehen und Informationen offenlegen. F\u00fcr die Ausnutzung einiger Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014519",
          "T026296",
          "T016915",
          "921247",
          "T014533",
          "T016910",
          "T014523",
          "T015487",
          "T015486",
          "T015485",
          "T020103",
          "T018556",
          "T021527",
          "T021526",
          "T020986",
          "T020985",
          "T026298",
          "T026297",
          "T026299"
        ]
      },
      "release_date": "2023-02-14T23:00:00.000+00:00",
      "title": "CVE-2023-21715"
    },
    {
      "cve": "CVE-2023-21716",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office und SharePoint Produkten existieren mehrere Schwachstellen. Ein Angreifer kann dadurch seine Privilegien auf SYSTEM Rechte ausweiten, beliebigen Code zur Ausf\u00fchrung bringen, Sicherheitsmechanismen umgehen und Informationen offenlegen. F\u00fcr die Ausnutzung einiger Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014519",
          "T026296",
          "T016915",
          "921247",
          "T014533",
          "T016910",
          "T014523",
          "T015487",
          "T015486",
          "T015485",
          "T020103",
          "T018556",
          "T021527",
          "T021526",
          "T020986",
          "T020985",
          "T026298",
          "T026297",
          "T026299"
        ]
      },
      "release_date": "2023-02-14T23:00:00.000+00:00",
      "title": "CVE-2023-21716"
    },
    {
      "cve": "CVE-2023-21717",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office und SharePoint Produkten existieren mehrere Schwachstellen. Ein Angreifer kann dadurch seine Privilegien auf SYSTEM Rechte ausweiten, beliebigen Code zur Ausf\u00fchrung bringen, Sicherheitsmechanismen umgehen und Informationen offenlegen. F\u00fcr die Ausnutzung einiger Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014519",
          "T026296",
          "T016915",
          "921247",
          "T014533",
          "T016910",
          "T014523",
          "T015487",
          "T015486",
          "T015485",
          "T020103",
          "T018556",
          "T021527",
          "T021526",
          "T020986",
          "T020985",
          "T026298",
          "T026297",
          "T026299"
        ]
      },
      "release_date": "2023-02-14T23:00:00.000+00:00",
      "title": "CVE-2023-21717"
    },
    {
      "cve": "CVE-2023-21721",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office und SharePoint Produkten existieren mehrere Schwachstellen. Ein Angreifer kann dadurch seine Privilegien auf SYSTEM Rechte ausweiten, beliebigen Code zur Ausf\u00fchrung bringen, Sicherheitsmechanismen umgehen und Informationen offenlegen. F\u00fcr die Ausnutzung einiger Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014519",
          "T026296",
          "T016915",
          "921247",
          "T014533",
          "T016910",
          "T014523",
          "T015487",
          "T015486",
          "T015485",
          "T020103",
          "T018556",
          "T021527",
          "T021526",
          "T020986",
          "T020985",
          "T026298",
          "T026297",
          "T026299"
        ]
      },
      "release_date": "2023-02-14T23:00:00.000+00:00",
      "title": "CVE-2023-21721"
    },
    {
      "cve": "CVE-2023-21823",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office und SharePoint Produkten existieren mehrere Schwachstellen. Ein Angreifer kann dadurch seine Privilegien auf SYSTEM Rechte ausweiten, beliebigen Code zur Ausf\u00fchrung bringen, Sicherheitsmechanismen umgehen und Informationen offenlegen. F\u00fcr die Ausnutzung einiger Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014519",
          "T026296",
          "T016915",
          "921247",
          "T014533",
          "T016910",
          "T014523",
          "T015487",
          "T015486",
          "T015485",
          "T020103",
          "T018556",
          "T021527",
          "T021526",
          "T020986",
          "T020985",
          "T026298",
          "T026297",
          "T026299"
        ]
      },
      "release_date": "2023-02-14T23:00:00.000+00:00",
      "title": "CVE-2023-21823"
    }
  ]
}

CVE-2023-21714 (GCVE-0-2023-21714)

Vulnerability from cvelistv5 – Published: 2023-02-14 19:33 – Updated: 2025-01-01 00:41

Title

Microsoft Office Information Disclosure Vulnerability

Summary

Microsoft Office Information Disclosure Vulnerability

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE

CWE-125 - Out-of-bounds Read

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)

Date Public

2023-02-14 08:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:44:02.078Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Office Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21714"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Office Information Disclosure Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T00:41:17.733Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21714"
        }
      ],
      "title": "Microsoft Office Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-21714",
    "datePublished": "2023-02-14T19:33:43.757Z",
    "dateReserved": "2022-12-13T18:08:03.491Z",
    "dateUpdated": "2025-01-01T00:41:17.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-21715 (GCVE-0-2023-21715)

Vulnerability from cvelistv5 – Published: 2023-02-14 19:33 – Updated: 2025-10-21 23:15

Title

Microsoft Publisher Security Feature Bypass Vulnerability

Summary

Microsoft Publisher Security Feature Bypass Vulnerability

Severity

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

Security Feature Bypass

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)

Date Public

2023-02-14 08:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:51:49.242Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Publisher Security Features Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21715"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-21715",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T16:09:34.022061Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-02-14",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21715"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-863",
                "description": "CWE-863 Incorrect Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:15:26.849Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21715"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-02-14T00:00:00.000Z",
            "value": "CVE-2023-21715 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Publisher Security Feature Bypass Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Feature Bypass",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T00:41:18.220Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Publisher Security Feature Bypass Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21715"
        }
      ],
      "title": "Microsoft Publisher Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-21715",
    "datePublished": "2023-02-14T19:33:44.719Z",
    "dateReserved": "2022-12-13T18:08:03.491Z",
    "dateUpdated": "2025-10-21T23:15:26.849Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-21716 (GCVE-0-2023-21716)

Vulnerability from cvelistv5 – Published: 2023-02-14 19:33 – Updated: 2025-02-28 21:13

Title

Microsoft Word Remote Code Execution Vulnerability

Summary

Microsoft Word Remote Code Execution Vulnerability

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

16 products

Vendor	Product	Version
Microsoft	Microsoft Office LTSC for Mac 2021	Affected: 16.0.1 , < 16.70.23021201 (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft SharePoint Server Subscription Edition	Affected: 16.0.0 , < 16.0.15601.20478 (custom)
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	SharePoint Server Subscription Edition Language Pack	Affected: 16.0.0 , < 16.0.15601.20478 (custom)
Microsoft	Microsoft Office Online Server	Affected: 16.0.1 , < 16.0.10395.20001 (custom)
Microsoft	Microsoft Office 2019 for Mac	Affected: 16.0.0 , < 16.70.23021201 (custom)
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft SharePoint Enterprise Server 2016	Affected: 16.0.0 , < 16.0.5383.1000 (custom)
Microsoft	Microsoft SharePoint Enterprise Server 2013 Service Pack 1	Affected: 15.0.0 , < 15.0.5529.1000 (custom)
Microsoft	Microsoft SharePoint Server 2019	Affected: 16.0.0 , < 16.0.10395.20001 (custom)
Microsoft	Microsoft Word 2016	Affected: 16.0.1 , < 16.0.5383.1000 (custom)
Microsoft	Microsoft Office Web Apps Server 2013 Service Pack 1	Affected: 15.0.1 , < 15.0.5529.1000 (custom)
Microsoft	Microsoft SharePoint Foundation 2013 Service Pack 1	Affected: 15.0.0 , < 15.0.5529.1000 (custom)
Microsoft	Microsoft Word 2013 Service Pack 1	Affected: 15.0.1 , < 15.0.5529.1000 (custom)
Microsoft	Microsoft Word 2013 Service Pack 1	Affected: 15.0.1 , < 15.0.5529.1000 (custom)

Date Public

2023-02-14 08:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:51:50.568Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Word Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-21716",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-28T20:21:05.782542Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-28T21:13:53.143Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Office LTSC for Mac 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.70.23021201",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server Subscription Edition",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.15601.20478",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "SharePoint Server Subscription Edition Language Pack",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.15601.20478",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Office Online Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10395.20001",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Office 2019 for Mac",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.70.23021201",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Enterprise Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5383.1000",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Enterprise Server 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5529.1000",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10395.20001",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Word 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5383.1000",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Office Web Apps Server 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5529.1000",
              "status": "affected",
              "version": "15.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Foundation 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5529.1000",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems"
          ],
          "product": "Microsoft Word 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5529.1000",
              "status": "affected",
              "version": "15.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Word 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5529.1000",
              "status": "affected",
              "version": "15.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:macos:*:*",
                  "versionEndExcluding": "16.70.23021201",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                  "versionEndExcluding": "16.0.15601.20478",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:language_pack:*:*:subscription:*:*:*",
                  "versionEndExcluding": "16.0.15601.20478",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.10395.20001",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:macos:*:*",
                  "versionEndExcluding": "16.70.23021201",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "16.0.5383.1000",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "15.0.5529.1000",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.10395.20001",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.5383.1000",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_web_apps_server:*:sp1:*:*:*:*:*:*",
                  "versionEndExcluding": "15.0.5529.1000",
                  "versionStartIncluding": "15.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*",
                  "versionEndExcluding": "15.0.5529.1000",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:word:*:sp1:*:*:*:*:*:*",
                  "versionEndExcluding": "15.0.5529.1000",
                  "versionStartIncluding": "15.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:word:*:sp1:*:*:*:*:*:*",
                  "versionEndExcluding": "15.0.5529.1000",
                  "versionStartIncluding": "15.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Word Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T00:41:18.719Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Word Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716"
        }
      ],
      "title": "Microsoft Word Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-21716",
    "datePublished": "2023-02-14T19:33:45.678Z",
    "dateReserved": "2022-12-13T18:08:03.491Z",
    "dateUpdated": "2025-02-28T21:13:53.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-21717 (GCVE-0-2023-21717)

Vulnerability from cvelistv5 – Published: 2023-02-14 19:33 – Updated: 2025-04-12 03:55

Title

Microsoft SharePoint Server Elevation of Privilege Vulnerability

Summary

Microsoft SharePoint Server Elevation of Privilege Vulnerability

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-284 - Improper Access Control

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

5 products

Vendor	Product	Version
Microsoft	Microsoft SharePoint Enterprise Server 2016	Affected: 16.0.0 , < 16.0.5383.1000 (custom)
Microsoft	Microsoft SharePoint Enterprise Server 2013 Service Pack 1	Affected: 15.0.0 , < 15.0.5529.1000 (custom)
Microsoft	Microsoft SharePoint Server 2019	Affected: 16.0.0 , < 16.0.10395.20001 (custom)
Microsoft	Microsoft SharePoint Server Subscription Edition	Affected: 16.0.0 , < 16.0.15601.20478 (custom)
Microsoft	Microsoft SharePoint Foundation 2013 Service Pack 1	Affected: 15.0.0 , < 15.0.5529.1000 (custom)

Date Public

2023-02-14 08:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:51:49.363Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft SharePoint Server Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21717"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-21717",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-02-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-12T03:55:19.923Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Enterprise Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5383.1000",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Enterprise Server 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5529.1000",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10395.20001",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server Subscription Edition",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.15601.20478",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Foundation 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5529.1000",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "16.0.5383.1000",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "15.0.5529.1000",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.10395.20001",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                  "versionEndExcluding": "16.0.15601.20478",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*",
                  "versionEndExcluding": "15.0.5529.1000",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft SharePoint Server Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T00:41:19.240Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft SharePoint Server Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21717"
        }
      ],
      "title": "Microsoft SharePoint Server Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-21717",
    "datePublished": "2023-02-14T19:33:46.638Z",
    "dateReserved": "2022-12-13T18:08:03.491Z",
    "dateUpdated": "2025-04-12T03:55:19.923Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-21721 (GCVE-0-2023-21721)

Vulnerability from cvelistv5 – Published: 2023-02-14 19:32 – Updated: 2025-01-01 00:41

Title

Microsoft OneNote Elevation of Privilege Vulnerability

Summary

Microsoft OneNote Elevation of Privilege Vulnerability

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

CWE

CWE-287 - Improper Authentication

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Microsoft	Microsoft OneNote for Android	Affected: 16.0.1 , < 16.0.16026.20158 (custom)

Date Public

2023-02-14 08:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:51:49.388Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OneNote Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21721"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OneNote for Android",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.16026.20158",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:onenote_for_android:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.16026.20158",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OneNote Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T00:41:22.970Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OneNote Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21721"
        }
      ],
      "title": "Microsoft OneNote Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-21721",
    "datePublished": "2023-02-14T19:32:48.000Z",
    "dateReserved": "2022-12-13T18:08:03.492Z",
    "dateUpdated": "2025-01-01T00:41:22.970Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-21823 (GCVE-0-2023-21823)

Vulnerability from cvelistv5 – Published: 2023-02-14 20:09 – Updated: 2025-10-21 23:15

Title

Windows Graphics Component Remote Code Execution Vulnerability

Summary

Windows Graphics Component Remote Code Execution Vulnerability

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

26 products

Vendor	Product	Version
Microsoft	Microsoft Office for Android	Affected: 16.0.1 , < 16.0.16130.20156 (custom)
Microsoft	Microsoft Office for Universal	Affected: 16.0.1 , < 16.0.14326.21330 (custom)
Microsoft	Microsoft Office for iOS	Affected: 2.0.0 , < 2.70.23021003 (custom)
Microsoft	Windows 10 Version 1809	Affected: 10.0.17763.0 , < 10.0.17763.4010 (custom)
Microsoft	Windows 10 Version 1809	Affected: 10.0.0 , < 10.0.17763.4010 (custom)
Microsoft	Windows Server 2019	Affected: 10.0.17763.0 , < 10.0.17763.4010 (custom)
Microsoft	Windows Server 2019 (Server Core installation)	Affected: 10.0.17763.0 , < 10.0.17763.4010 (custom)
Microsoft	Windows Server 2022	Affected: 10.0.20348.0 , < 10.0.20348.1547 (custom)
Microsoft	Windows 10 Version 20H2	Affected: 10.0.0 , < 10.0.19042.2604 (custom)
Microsoft	Windows 11 version 21H2	Affected: 10.0.0 , < 10.0.22621.1574 (custom)
Microsoft	Windows 10 Version 21H2	Affected: 10.0.19043.0 , < 10.0.19044.2604 (custom)
Microsoft	Windows 11 version 22H2	Affected: 10.0.22621.0 , < 10.0.22621.1265 (custom)
Microsoft	Windows 10 Version 22H2	Affected: 10.0.19045.0 , < 10.0.19045.2604 (custom)
Microsoft	Windows 10 Version 1507	Affected: 10.0.10240.0 , < 10.0.10240.19747 (custom)
Microsoft	Windows 10 Version 1607	Affected: 10.0.14393.0 , < 10.0.14393.5717 (custom)
Microsoft	Windows Server 2016	Affected: 10.0.14393.0 , < 10.0.14393.5717 (custom)
Microsoft	Windows Server 2016 (Server Core installation)	Affected: 10.0.14393.0 , < 10.0.14393.5717 (custom)
Microsoft	Windows Server 2008 Service Pack 2	Affected: 6.0.6003.0 , < 6.0.6003.21915 (custom)
Microsoft	Windows Server 2008 Service Pack 2 (Server Core installation)	Affected: 6.0.6003.0 , < 6.0.6003.21915 (custom)
Microsoft	Windows Server 2008 Service Pack 2	Affected: 6.0.6003.0 , < 6.0.6003.21915 (custom)
Microsoft	Windows Server 2008 R2 Service Pack 1	Affected: 6.1.7601.0 , < 6.1.7601.26366 (custom)
Microsoft	Windows Server 2008 R2 Service Pack 1 (Server Core installation)	Affected: 6.1.7601.0 , < 6.1.7601.26366 (custom)
Microsoft	Windows Server 2012	Affected: 6.2.9200.0 , < 6.2.9200.24116 (custom)
Microsoft	Windows Server 2012 (Server Core installation)	Affected: 6.2.9200.0 , < 6.2.9200.24116 (custom)
Microsoft	Windows Server 2012 R2	Affected: 6.3.9600.0 , < 6.3.9600.20821 (custom)
Microsoft	Windows Server 2012 R2 (Server Core installation)	Affected: 6.3.9600.0 , < 6.3.9600.20821 (custom)

Date Public

2023-02-14 08:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-21823",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-05T13:41:01.282023Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-02-14",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21823"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:15:25.248Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21823"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-02-14T00:00:00.000Z",
            "value": "CVE-2023-21823 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:51:51.159Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Windows Graphics Component Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Office for Android",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.16130.20156",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Office for Universal",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.14326.21330",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Office for iOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "2.70.23021003",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.4010",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.4010",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.4010",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.4010",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.1547",
              "status": "affected",
              "version": "10.0.20348.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19042.2604",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22621.1574",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.2604",
              "status": "affected",
              "version": "10.0.19043.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22621.1265",
              "status": "affected",
              "version": "10.0.22621.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19045.2604",
              "status": "affected",
              "version": "10.0.19045.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.19747",
              "status": "affected",
              "version": "10.0.10240.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.5717",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.5717",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.5717",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.21915",
              "status": "affected",
              "version": "6.0.6003.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.21915",
              "status": "affected",
              "version": "6.0.6003.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008  Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.21915",
              "status": "affected",
              "version": "6.0.6003.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26366",
              "status": "affected",
              "version": "6.1.7601.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26366",
              "status": "affected",
              "version": "6.1.7601.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24116",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24116",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.20821",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.20821",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:android:*:*:*:*:*",
                  "versionEndExcluding": "16.0.16130.20156",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:universal:*:*:*:*:*",
                  "versionEndExcluding": "16.0.14326.21330",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:iOS:*:*:*:*:*",
                  "versionEndExcluding": "2.70.23021003",
                  "versionStartIncluding": "2.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.17763.4010",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.17763.4010",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.4010",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.4010",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.20348.1547",
                  "versionStartIncluding": "10.0.20348.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.19042.2604",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22621.1574",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.19044.2604",
                  "versionStartIncluding": "10.0.19043.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22621.1265",
                  "versionStartIncluding": "10.0.22621.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.19045.2604",
                  "versionStartIncluding": "10.0.19045.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.10240.19747",
                  "versionStartIncluding": "10.0.10240.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.14393.5717",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.5717",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.5717",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.0.6003.21915",
                  "versionStartIncluding": "6.0.6003.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.0.6003.21915",
                  "versionStartIncluding": "6.0.6003.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "6.0.6003.21915",
                  "versionStartIncluding": "6.0.6003.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.1.7601.26366",
                  "versionStartIncluding": "6.1.7601.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.1.7601.26366",
                  "versionStartIncluding": "6.1.7601.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24116",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24116",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.20821",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.20821",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-02-14T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Windows Graphics Component Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T00:41:07.151Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Graphics Component Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823"
        }
      ],
      "title": "Windows Graphics Component Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-21823",
    "datePublished": "2023-02-14T20:09:36.834Z",
    "dateReserved": "2022-12-16T22:13:41.245Z",
    "dateUpdated": "2025-10-21T23:15:25.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2023-0391

CVE-2023-21714 (GCVE-0-2023-21714)

CVE-2023-21715 (GCVE-0-2023-21715)

CVE-2023-21716 (GCVE-0-2023-21716)

CVE-2023-21717 (GCVE-0-2023-21717)

CVE-2023-21721 (GCVE-0-2023-21721)

CVE-2023-21823 (GCVE-0-2023-21823)

Tags

Sightings

Nomenclature