Vulnerability-Lookup

WID-SEC-W-2023-1720

Vulnerability from csaf_certbund - Published: 2023-07-11 22:00 - Updated: 2023-08-08 22:00

Summary

Microsoft Office: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Microsoft 365 Apps ist eine Office Suite für zahlreiche Büroanwendungen. Excel ist ein Tabellenkalkulationsprogramm der Microsoft Office Suite und ist sowohl für Microsoft Windows als auch für Mac OS verfügbar. Die Microsoft Office Suite beinhaltet zahlreiche Büroanwendungen wie Textverarbeitung, Tabellenkalkulation, Datenbank und weitere Applikationen. Microsoft Office Online Server ist ein Serverprodukt, das browserbasierte Versionen von Word, PowerPoint, Excel und OneNote bereitstellt. Outlook ist ein Personal Information Manager von Microsoft und ist Bestandteil der Office Suite. Microsoft Sharepoint Services ist ein Portalsystem für die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u.a. über Webseiten zur Verfügung gestellt. Microsoft Sharepoint ist ein Portalsystem für die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u. a. über Webseiten zur Verfügung gestellt. Microsoft Word ist ein Textverarbeitungsprogramm der Firma Microsoft.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in verschiedenen Microsoft Office Produkten ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren.

Betroffene Betriebssysteme: - Windows

CVE-2023-36884

In Microsoft 365 Apps, Microsoft Excel, Microsoft Office, Microsoft Office Online Server, Microsoft Outlook, Microsoft SharePoint und Microsoft Word existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.

Affected products

Known affected 23 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2013 Click-to-Run (C2R) Microsoft / Office	`cpe:/a:microsoft:office:word_viewer`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:word`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft Outlook 2013 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013:sp1`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-35311

Affected products

Known affected 23 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2013 Click-to-Run (C2R) Microsoft / Office	`cpe:/a:microsoft:office:word_viewer`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:word`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft Outlook 2013 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013:sp1`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-33165

Affected products

Known affected 23 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2013 Click-to-Run (C2R) Microsoft / Office	`cpe:/a:microsoft:office:word_viewer`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:word`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft Outlook 2013 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013:sp1`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-33162

Affected products

Known affected 23 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2013 Click-to-Run (C2R) Microsoft / Office	`cpe:/a:microsoft:office:word_viewer`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:word`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft Outlook 2013 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013:sp1`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-33161

Affected products

Known affected 23 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2013 Click-to-Run (C2R) Microsoft / Office	`cpe:/a:microsoft:office:word_viewer`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:word`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft Outlook 2013 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013:sp1`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-33160

Affected products

Known affected 23 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2013 Click-to-Run (C2R) Microsoft / Office	`cpe:/a:microsoft:office:word_viewer`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:word`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft Outlook 2013 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013:sp1`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-33159

Affected products

Known affected 23 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2013 Click-to-Run (C2R) Microsoft / Office	`cpe:/a:microsoft:office:word_viewer`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:word`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft Outlook 2013 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013:sp1`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-33158

Affected products

Known affected 23 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2013 Click-to-Run (C2R) Microsoft / Office	`cpe:/a:microsoft:office:word_viewer`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:word`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft Outlook 2013 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013:sp1`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-33157

Affected products

Known affected 23 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2013 Click-to-Run (C2R) Microsoft / Office	`cpe:/a:microsoft:office:word_viewer`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:word`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft Outlook 2013 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013:sp1`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-33153

Affected products

Known affected 23 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2013 Click-to-Run (C2R) Microsoft / Office	`cpe:/a:microsoft:office:word_viewer`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:word`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft Outlook 2013 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013:sp1`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-33152

Affected products

Known affected 23 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2013 Click-to-Run (C2R) Microsoft / Office	`cpe:/a:microsoft:office:word_viewer`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:word`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft Outlook 2013 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013:sp1`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-33151

Affected products

Known affected 23 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2013 Click-to-Run (C2R) Microsoft / Office	`cpe:/a:microsoft:office:word_viewer`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:word`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft Outlook 2013 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013:sp1`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-33150

Affected products

Known affected 23 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2013 Click-to-Run (C2R) Microsoft / Office	`cpe:/a:microsoft:office:word_viewer`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:word`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft Outlook 2013 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013:sp1`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-33149

Affected products

Known affected 23 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2013 Click-to-Run (C2R) Microsoft / Office	`cpe:/a:microsoft:office:word_viewer`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:word`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft Outlook 2013 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013:sp1`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-33148

Affected products

Known affected 23 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2013 Click-to-Run (C2R) Microsoft / Office	`cpe:/a:microsoft:office:word_viewer`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:word`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft Outlook 2013 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013:sp1`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-33134

Affected products

Known affected 23 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Office 2013 Click-to-Run (C2R) Microsoft / Office	`cpe:/a:microsoft:office:word_viewer`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:word`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft Outlook 2013 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013:sp1`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://msrc.microsoft.com/update-guide/de-DE/vul…	external
https://msrc.microsoft.com/update-guide	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Microsoft 365 Apps ist eine Office Suite f\u00fcr zahlreiche B\u00fcroanwendungen.\r\nExcel ist ein Tabellenkalkulationsprogramm der Microsoft Office Suite und ist sowohl f\u00fcr Microsoft Windows als auch f\u00fcr Mac OS verf\u00fcgbar.\r\nDie Microsoft Office Suite beinhaltet zahlreiche B\u00fcroanwendungen wie Textverarbeitung, Tabellenkalkulation, Datenbank und weitere Applikationen.\r\nMicrosoft Office Online Server ist ein Serverprodukt, das browserbasierte Versionen von Word, PowerPoint, Excel und OneNote bereitstellt. \r\nOutlook ist ein Personal Information Manager von Microsoft und ist Bestandteil der Office Suite.\r\nMicrosoft Sharepoint Services ist ein Portalsystem f\u00fcr die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u.a. \u00fcber Webseiten zur Verf\u00fcgung gestellt.\r\nMicrosoft Sharepoint ist ein Portalsystem f\u00fcr die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u. a. \u00fcber Webseiten zur Verf\u00fcgung gestellt.\r\nMicrosoft Word ist ein Textverarbeitungsprogramm der Firma Microsoft.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in verschiedenen Microsoft Office Produkten ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1720 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1720.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1720 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1720"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates ADV230003 vom 2023-08-08",
        "url": "https://msrc.microsoft.com/update-guide/de-DE/vulnerability/ADV230003"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2023-07-11",
        "url": "https://msrc.microsoft.com/update-guide"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft Office: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-08-08T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:55:18.631+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1720",
      "initial_release_date": "2023-07-11T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-07-11T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-08-08T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Microsoft aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Microsoft 365 Apps",
            "product": {
              "name": "Microsoft 365 Apps",
              "product_id": "T016696",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:365_apps:word"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Excel 2013 SP1",
                "product": {
                  "name": "Microsoft Excel 2013 SP1",
                  "product_id": "T012236",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:excel:2013_sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Excel 2013 RT SP1",
                "product": {
                  "name": "Microsoft Excel 2013 RT SP1",
                  "product_id": "T012632",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:excel:2013_rt_sp1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Excel"
          },
          {
            "category": "product_name",
            "name": "Microsoft Excel 2016",
            "product": {
              "name": "Microsoft Excel 2016",
              "product_id": "T013928",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:excel_2016:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Office 2013 SP1",
                "product": {
                  "name": "Microsoft Office 2013 SP1",
                  "product_id": "T011817",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:2013_sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Office 2013 Click-to-Run (C2R)",
                "product": {
                  "name": "Microsoft Office 2013 Click-to-Run (C2R)",
                  "product_id": "T011820",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:word_viewer"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Office LTSC for Mac 2021",
                "product": {
                  "name": "Microsoft Office LTSC for Mac 2021",
                  "product_id": "T020985",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_for_mac_2021"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Office LTSC 2021",
                "product": {
                  "name": "Microsoft Office LTSC 2021",
                  "product_id": "T020986",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_2021"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Office for Universal",
                "product": {
                  "name": "Microsoft Office for Universal",
                  "product_id": "T026297",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:for_universal"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Office"
          },
          {
            "category": "product_name",
            "name": "Microsoft Office 2013 RT SP1",
            "product": {
              "name": "Microsoft Office 2013 RT SP1",
              "product_id": "T014527",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_2013_rt:sp1"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Office 2016",
            "product": {
              "name": "Microsoft Office 2016",
              "product_id": "T013923",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_2016:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Office 2019",
            "product": {
              "name": "Microsoft Office 2019",
              "product_id": "T014534",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_2019:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Office 2019 for Mac",
            "product": {
              "name": "Microsoft Office 2019 for Mac",
              "product_id": "T014533",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_2019_for_mac:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Office Online Server",
            "product": {
              "name": "Microsoft Office Online Server",
              "product_id": "921247",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_online_server:2016"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Outlook 2013",
                "product": {
                  "name": "Microsoft Outlook 2013",
                  "product_id": "337123",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:outlook:2013:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Outlook 2013 RT SP1",
                "product": {
                  "name": "Microsoft Outlook 2013 RT SP1",
                  "product_id": "T010466",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:outlook:2013_rt_sp1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Outlook"
          },
          {
            "category": "product_name",
            "name": "Microsoft Outlook 2016",
            "product": {
              "name": "Microsoft Outlook 2016",
              "product_id": "T022027",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:outlook_2016:for_mac"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft SharePoint Enterprise Server 2016",
                "product": {
                  "name": "Microsoft SharePoint Enterprise Server 2016",
                  "product_id": "T018556",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:sharepoint:enterprise_server_2016"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft SharePoint Server Subscription Edition",
                "product": {
                  "name": "Microsoft SharePoint Server Subscription Edition",
                  "product_id": "T021526",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:sharepoint:server_subscription_edition"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SharePoint"
          },
          {
            "category": "product_name",
            "name": "Microsoft SharePoint Server 2019",
            "product": {
              "name": "Microsoft SharePoint Server 2019",
              "product_id": "T014523",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:sharepoint_server_2019:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Word 2013 RT SP1",
                "product": {
                  "name": "Microsoft Word 2013 RT SP1",
                  "product_id": "T006399",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:word:2013_rt_sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Word 2013 SP1",
                "product": {
                  "name": "Microsoft Word 2013 SP1",
                  "product_id": "T011714",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:word:2013_sp1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Word"
          },
          {
            "category": "product_name",
            "name": "Microsoft Word 2016",
            "product": {
              "name": "Microsoft Word 2016",
              "product_id": "T015487",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:word_2016:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-36884",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 365 Apps, Microsoft Excel, Microsoft Office, Microsoft Office Online Server, Microsoft Outlook, Microsoft SharePoint und Microsoft Word existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T011714",
          "T010466",
          "T014527",
          "T012236",
          "T012632",
          "921247",
          "T011820",
          "T014533",
          "T014523",
          "T014534",
          "T015487",
          "T016696",
          "T018556",
          "337123",
          "T021526",
          "T022027",
          "T020986",
          "T020985",
          "T026297",
          "T011817",
          "T013928"
        ]
      },
      "release_date": "2023-07-11T22:00:00.000+00:00",
      "title": "CVE-2023-36884"
    },
    {
      "cve": "CVE-2023-35311",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 365 Apps, Microsoft Excel, Microsoft Office, Microsoft Office Online Server, Microsoft Outlook, Microsoft SharePoint und Microsoft Word existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T011714",
          "T010466",
          "T014527",
          "T012236",
          "T012632",
          "921247",
          "T011820",
          "T014533",
          "T014523",
          "T014534",
          "T015487",
          "T016696",
          "T018556",
          "337123",
          "T021526",
          "T022027",
          "T020986",
          "T020985",
          "T026297",
          "T011817",
          "T013928"
        ]
      },
      "release_date": "2023-07-11T22:00:00.000+00:00",
      "title": "CVE-2023-35311"
    },
    {
      "cve": "CVE-2023-33165",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 365 Apps, Microsoft Excel, Microsoft Office, Microsoft Office Online Server, Microsoft Outlook, Microsoft SharePoint und Microsoft Word existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T011714",
          "T010466",
          "T014527",
          "T012236",
          "T012632",
          "921247",
          "T011820",
          "T014533",
          "T014523",
          "T014534",
          "T015487",
          "T016696",
          "T018556",
          "337123",
          "T021526",
          "T022027",
          "T020986",
          "T020985",
          "T026297",
          "T011817",
          "T013928"
        ]
      },
      "release_date": "2023-07-11T22:00:00.000+00:00",
      "title": "CVE-2023-33165"
    },
    {
      "cve": "CVE-2023-33162",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 365 Apps, Microsoft Excel, Microsoft Office, Microsoft Office Online Server, Microsoft Outlook, Microsoft SharePoint und Microsoft Word existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T011714",
          "T010466",
          "T014527",
          "T012236",
          "T012632",
          "921247",
          "T011820",
          "T014533",
          "T014523",
          "T014534",
          "T015487",
          "T016696",
          "T018556",
          "337123",
          "T021526",
          "T022027",
          "T020986",
          "T020985",
          "T026297",
          "T011817",
          "T013928"
        ]
      },
      "release_date": "2023-07-11T22:00:00.000+00:00",
      "title": "CVE-2023-33162"
    },
    {
      "cve": "CVE-2023-33161",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 365 Apps, Microsoft Excel, Microsoft Office, Microsoft Office Online Server, Microsoft Outlook, Microsoft SharePoint und Microsoft Word existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T011714",
          "T010466",
          "T014527",
          "T012236",
          "T012632",
          "921247",
          "T011820",
          "T014533",
          "T014523",
          "T014534",
          "T015487",
          "T016696",
          "T018556",
          "337123",
          "T021526",
          "T022027",
          "T020986",
          "T020985",
          "T026297",
          "T011817",
          "T013928"
        ]
      },
      "release_date": "2023-07-11T22:00:00.000+00:00",
      "title": "CVE-2023-33161"
    },
    {
      "cve": "CVE-2023-33160",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 365 Apps, Microsoft Excel, Microsoft Office, Microsoft Office Online Server, Microsoft Outlook, Microsoft SharePoint und Microsoft Word existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T011714",
          "T010466",
          "T014527",
          "T012236",
          "T012632",
          "921247",
          "T011820",
          "T014533",
          "T014523",
          "T014534",
          "T015487",
          "T016696",
          "T018556",
          "337123",
          "T021526",
          "T022027",
          "T020986",
          "T020985",
          "T026297",
          "T011817",
          "T013928"
        ]
      },
      "release_date": "2023-07-11T22:00:00.000+00:00",
      "title": "CVE-2023-33160"
    },
    {
      "cve": "CVE-2023-33159",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 365 Apps, Microsoft Excel, Microsoft Office, Microsoft Office Online Server, Microsoft Outlook, Microsoft SharePoint und Microsoft Word existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T011714",
          "T010466",
          "T014527",
          "T012236",
          "T012632",
          "921247",
          "T011820",
          "T014533",
          "T014523",
          "T014534",
          "T015487",
          "T016696",
          "T018556",
          "337123",
          "T021526",
          "T022027",
          "T020986",
          "T020985",
          "T026297",
          "T011817",
          "T013928"
        ]
      },
      "release_date": "2023-07-11T22:00:00.000+00:00",
      "title": "CVE-2023-33159"
    },
    {
      "cve": "CVE-2023-33158",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 365 Apps, Microsoft Excel, Microsoft Office, Microsoft Office Online Server, Microsoft Outlook, Microsoft SharePoint und Microsoft Word existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T011714",
          "T010466",
          "T014527",
          "T012236",
          "T012632",
          "921247",
          "T011820",
          "T014533",
          "T014523",
          "T014534",
          "T015487",
          "T016696",
          "T018556",
          "337123",
          "T021526",
          "T022027",
          "T020986",
          "T020985",
          "T026297",
          "T011817",
          "T013928"
        ]
      },
      "release_date": "2023-07-11T22:00:00.000+00:00",
      "title": "CVE-2023-33158"
    },
    {
      "cve": "CVE-2023-33157",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 365 Apps, Microsoft Excel, Microsoft Office, Microsoft Office Online Server, Microsoft Outlook, Microsoft SharePoint und Microsoft Word existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T011714",
          "T010466",
          "T014527",
          "T012236",
          "T012632",
          "921247",
          "T011820",
          "T014533",
          "T014523",
          "T014534",
          "T015487",
          "T016696",
          "T018556",
          "337123",
          "T021526",
          "T022027",
          "T020986",
          "T020985",
          "T026297",
          "T011817",
          "T013928"
        ]
      },
      "release_date": "2023-07-11T22:00:00.000+00:00",
      "title": "CVE-2023-33157"
    },
    {
      "cve": "CVE-2023-33153",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 365 Apps, Microsoft Excel, Microsoft Office, Microsoft Office Online Server, Microsoft Outlook, Microsoft SharePoint und Microsoft Word existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T011714",
          "T010466",
          "T014527",
          "T012236",
          "T012632",
          "921247",
          "T011820",
          "T014533",
          "T014523",
          "T014534",
          "T015487",
          "T016696",
          "T018556",
          "337123",
          "T021526",
          "T022027",
          "T020986",
          "T020985",
          "T026297",
          "T011817",
          "T013928"
        ]
      },
      "release_date": "2023-07-11T22:00:00.000+00:00",
      "title": "CVE-2023-33153"
    },
    {
      "cve": "CVE-2023-33152",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 365 Apps, Microsoft Excel, Microsoft Office, Microsoft Office Online Server, Microsoft Outlook, Microsoft SharePoint und Microsoft Word existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T011714",
          "T010466",
          "T014527",
          "T012236",
          "T012632",
          "921247",
          "T011820",
          "T014533",
          "T014523",
          "T014534",
          "T015487",
          "T016696",
          "T018556",
          "337123",
          "T021526",
          "T022027",
          "T020986",
          "T020985",
          "T026297",
          "T011817",
          "T013928"
        ]
      },
      "release_date": "2023-07-11T22:00:00.000+00:00",
      "title": "CVE-2023-33152"
    },
    {
      "cve": "CVE-2023-33151",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 365 Apps, Microsoft Excel, Microsoft Office, Microsoft Office Online Server, Microsoft Outlook, Microsoft SharePoint und Microsoft Word existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T011714",
          "T010466",
          "T014527",
          "T012236",
          "T012632",
          "921247",
          "T011820",
          "T014533",
          "T014523",
          "T014534",
          "T015487",
          "T016696",
          "T018556",
          "337123",
          "T021526",
          "T022027",
          "T020986",
          "T020985",
          "T026297",
          "T011817",
          "T013928"
        ]
      },
      "release_date": "2023-07-11T22:00:00.000+00:00",
      "title": "CVE-2023-33151"
    },
    {
      "cve": "CVE-2023-33150",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 365 Apps, Microsoft Excel, Microsoft Office, Microsoft Office Online Server, Microsoft Outlook, Microsoft SharePoint und Microsoft Word existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T011714",
          "T010466",
          "T014527",
          "T012236",
          "T012632",
          "921247",
          "T011820",
          "T014533",
          "T014523",
          "T014534",
          "T015487",
          "T016696",
          "T018556",
          "337123",
          "T021526",
          "T022027",
          "T020986",
          "T020985",
          "T026297",
          "T011817",
          "T013928"
        ]
      },
      "release_date": "2023-07-11T22:00:00.000+00:00",
      "title": "CVE-2023-33150"
    },
    {
      "cve": "CVE-2023-33149",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 365 Apps, Microsoft Excel, Microsoft Office, Microsoft Office Online Server, Microsoft Outlook, Microsoft SharePoint und Microsoft Word existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T011714",
          "T010466",
          "T014527",
          "T012236",
          "T012632",
          "921247",
          "T011820",
          "T014533",
          "T014523",
          "T014534",
          "T015487",
          "T016696",
          "T018556",
          "337123",
          "T021526",
          "T022027",
          "T020986",
          "T020985",
          "T026297",
          "T011817",
          "T013928"
        ]
      },
      "release_date": "2023-07-11T22:00:00.000+00:00",
      "title": "CVE-2023-33149"
    },
    {
      "cve": "CVE-2023-33148",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 365 Apps, Microsoft Excel, Microsoft Office, Microsoft Office Online Server, Microsoft Outlook, Microsoft SharePoint und Microsoft Word existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T011714",
          "T010466",
          "T014527",
          "T012236",
          "T012632",
          "921247",
          "T011820",
          "T014533",
          "T014523",
          "T014534",
          "T015487",
          "T016696",
          "T018556",
          "337123",
          "T021526",
          "T022027",
          "T020986",
          "T020985",
          "T026297",
          "T011817",
          "T013928"
        ]
      },
      "release_date": "2023-07-11T22:00:00.000+00:00",
      "title": "CVE-2023-33148"
    },
    {
      "cve": "CVE-2023-33134",
      "notes": [
        {
          "category": "description",
          "text": "In Microsoft 365 Apps, Microsoft Excel, Microsoft Office, Microsoft Office Online Server, Microsoft Outlook, Microsoft SharePoint und Microsoft Word existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T011714",
          "T010466",
          "T014527",
          "T012236",
          "T012632",
          "921247",
          "T011820",
          "T014533",
          "T014523",
          "T014534",
          "T015487",
          "T016696",
          "T018556",
          "337123",
          "T021526",
          "T022027",
          "T020986",
          "T020985",
          "T026297",
          "T011817",
          "T013928"
        ]
      },
      "release_date": "2023-07-11T22:00:00.000+00:00",
      "title": "CVE-2023-33134"
    }
  ]
}

CVE-2023-33134 (GCVE-0-2023-33134)

Vulnerability from cvelistv5 – Published: 2023-07-11 17:03 – Updated: 2025-02-28 21:07

Title

Microsoft SharePoint Server Remote Code Execution Vulnerability

Summary

Microsoft SharePoint Server Remote Code Execution Vulnerability

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

3 products

Vendor	Product	Version
Microsoft	Microsoft SharePoint Enterprise Server 2016	Affected: 16.0.0 , < 16.0.5404.1000 (custom)
Microsoft	Microsoft SharePoint Server 2019	Affected: 16.0.0 , < 16.0.10400.20008 (custom)
Microsoft	Microsoft SharePoint Server Subscription Edition	Affected: 16.0.0 , < 16.0.16130.20642 (custom)

Date Public

2023-07-11 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.131Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft SharePoint Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33134"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33134",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-28T20:20:27.395814Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-28T21:07:37.141Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Enterprise Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5404.1000",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10400.20008",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server Subscription Edition",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.16130.20642",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "16.0.5404.1000",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.10400.20008",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                  "versionEndExcluding": "16.0.16130.20642",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-07-11T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft SharePoint Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:53:07.270Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft SharePoint Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33134"
        }
      ],
      "title": "Microsoft SharePoint Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-33134",
    "datePublished": "2023-07-11T17:03:06.333Z",
    "dateReserved": "2023-05-17T21:16:44.896Z",
    "dateUpdated": "2025-02-28T21:07:37.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-33148 (GCVE-0-2023-33148)

Vulnerability from cvelistv5 – Published: 2023-07-11 17:02 – Updated: 2025-02-28 20:30

Title

Microsoft Office Elevation of Privilege Vulnerability

Summary

Microsoft Office Elevation of Privilege Vulnerability

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

4 products

Vendor	Product	Version
Microsoft	Microsoft Office 2013 Click-to-Run (C2R)	Affected: 15.0.0.0 , < 15.0.5571.1000 (custom)
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)

Date Public

2023-07-11 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.759Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Office Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33148"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/173591/Microsoft-Office-365-18.2305.1222.0-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33148",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-28T20:29:58.778561Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-28T20:30:21.079Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://packetstorm.news/files/id/173591"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2013 Click-to-Run (C2R)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5571.1000",
              "status": "affected",
              "version": "15.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:click-to-run:*:x86:*",
                  "versionEndExcluding": "15.0.5571.1000",
                  "versionStartIncluding": "15.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-07-11T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Office Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:51:50.962Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33148"
        }
      ],
      "title": "Microsoft Office Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-33148",
    "datePublished": "2023-07-11T17:02:16.278Z",
    "dateReserved": "2023-05-17T21:16:44.897Z",
    "dateUpdated": "2025-02-28T20:30:21.079Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-33149 (GCVE-0-2023-33149)

Vulnerability from cvelistv5 – Published: 2023-07-11 17:02 – Updated: 2025-02-28 21:08

Title

Microsoft Office Graphics Remote Code Execution Vulnerability

Summary

Microsoft Office Graphics Remote Code Execution Vulnerability

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-416 - Use After Free

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

7 products

Vendor	Product	Version
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office 2019 for Mac	Affected: 16.0.0 , < 16.75.23070901 (custom)
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC for Mac 2021	Affected: 16.0.1 , < 16.75.23070901 (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office 2016	Affected: 16.0.0 , < 16.0.5404.1000 (custom)
Microsoft	Microsoft Office 2013 Service Pack 1	Affected: 15.0.0 , < 15.0.5571.1000 (custom)

Date Public

2023-07-11 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.198Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Office Graphics Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33149"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33149",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-28T20:20:41.618047Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-28T21:08:16.886Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Office 2019 for Mac",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.75.23070901",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Office LTSC for Mac 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.75.23070901",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5404.1000",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5571.1000",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:macos:*:*",
                  "versionEndExcluding": "16.75.23070901",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:macos:*:*",
                  "versionEndExcluding": "16.75.23070901",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "16.0.5404.1000",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:sp1:*:*:rt:*:*:*",
                  "versionEndExcluding": "15.0.5571.1000",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-07-11T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Office Graphics Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:51:51.580Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Graphics Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33149"
        }
      ],
      "title": "Microsoft Office Graphics Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-33149",
    "datePublished": "2023-07-11T17:02:16.883Z",
    "dateReserved": "2023-05-17T21:16:44.898Z",
    "dateUpdated": "2025-02-28T21:08:16.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-33150 (GCVE-0-2023-33150)

Vulnerability from cvelistv5 – Published: 2023-07-11 17:02 – Updated: 2025-02-28 20:46

Title

Microsoft Office Security Feature Bypass Vulnerability

Summary

Microsoft Office Security Feature Bypass Vulnerability

Severity

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

Security Feature Bypass

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

6 products

Vendor	Product	Version
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Word 2016	Affected: 16.0.1 , < 16.0.5404.1000 (custom)
Microsoft	Microsoft Word 2013 Service Pack 1	Affected: 15.0.1 , < 15.0.5571.1000 (custom)
Microsoft	Microsoft Word 2013 Service Pack 1	Affected: 15.0.1 , < 15.0.5571.1000 (custom)

Date Public

2023-07-11 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.678Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Office Security Feature Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33150"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33150",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-28T20:20:38.973999Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-693",
                "description": "CWE-693 Protection Mechanism Failure",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-28T20:46:53.588Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Word 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5404.1000",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Word 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5571.1000",
              "status": "affected",
              "version": "15.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Word 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5571.1000",
              "status": "affected",
              "version": "15.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.5404.1000",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:word:*:sp1:*:*:*:*:*:*",
                  "versionEndExcluding": "15.0.5571.1000",
                  "versionStartIncluding": "15.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:word:*:sp1:*:*:*:*:*:*",
                  "versionEndExcluding": "15.0.5571.1000",
                  "versionStartIncluding": "15.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-07-11T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Office Security Feature Bypass Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Feature Bypass",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:51:52.256Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Security Feature Bypass Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33150"
        }
      ],
      "title": "Microsoft Office Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-33150",
    "datePublished": "2023-07-11T17:02:17.520Z",
    "dateReserved": "2023-05-17T21:16:44.898Z",
    "dateUpdated": "2025-02-28T20:46:53.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-33151 (GCVE-0-2023-33151)

Vulnerability from cvelistv5 – Published: 2023-07-11 17:02 – Updated: 2025-02-28 19:40

Title

Microsoft Outlook Spoofing Vulnerability

Summary

Microsoft Outlook Spoofing Vulnerability

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE

Spoofing

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

6 products

Vendor	Product	Version
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Outlook 2016	Affected: 16.0.0.0 , < 16.0.5404.1000 (custom)
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Outlook 2013	Affected: 14.0.0 , < 15.0.5571.1000 (custom)
Microsoft	Microsoft Outlook 2013 Service Pack 1	Affected: 15.0.0.0 , < 15.0.5571.1000 (custom)

Date Public

2023-07-11 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.029Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Outlook Spoofing Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33151"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33151",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-28T19:24:49.638614Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-28T19:40:08.530Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Outlook 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5404.1000",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Outlook 2013",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5571.1000",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Microsoft Outlook 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5571.1000",
              "status": "affected",
              "version": "15.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:x64:*:*",
                  "versionEndExcluding": "16.0.5404.1000",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:outlook:*:-:-:*:-:-:x86:*",
                  "versionEndExcluding": "15.0.5571.1000",
                  "versionStartIncluding": "14.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:rt:*:*:*",
                  "versionEndExcluding": "15.0.5571.1000",
                  "versionStartIncluding": "15.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-07-11T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Outlook Spoofing Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Spoofing",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:51:52.954Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Outlook Spoofing Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33151"
        }
      ],
      "title": "Microsoft Outlook Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-33151",
    "datePublished": "2023-07-11T17:02:18.559Z",
    "dateReserved": "2023-05-17T21:16:44.898Z",
    "dateUpdated": "2025-02-28T19:40:08.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-33152 (GCVE-0-2023-33152)

Vulnerability from cvelistv5 – Published: 2023-07-11 17:02 – Updated: 2025-02-28 21:08

Title

Microsoft ActiveX Remote Code Execution Vulnerability

Summary

Microsoft ActiveX Remote Code Execution Vulnerability

Severity

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

5 products

Vendor	Product	Version
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office 2016	Affected: 16.0.0 , < 16.0.5404.1000 (custom)
Microsoft	Microsoft Office 2013 Service Pack 1	Affected: 15.0.0 , < 15.0.5571.1000 (custom)

Date Public

2023-07-11 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.010Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ActiveX Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33152"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33152",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-28T20:20:36.414869Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-28T21:08:10.748Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5404.1000",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5571.1000",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "16.0.5404.1000",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:sp1:*:*:rt:*:*:*",
                  "versionEndExcluding": "15.0.5571.1000",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-07-11T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ActiveX Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:51:53.508Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ActiveX Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33152"
        }
      ],
      "title": "Microsoft ActiveX Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-33152",
    "datePublished": "2023-07-11T17:02:19.310Z",
    "dateReserved": "2023-05-17T21:16:44.898Z",
    "dateUpdated": "2025-02-28T21:08:10.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-33153 (GCVE-0-2023-33153)

Vulnerability from cvelistv5 – Published: 2023-07-11 17:02 – Updated: 2025-02-28 20:02

Title

Microsoft Outlook Remote Code Execution Vulnerability

Summary

Microsoft Outlook Remote Code Execution Vulnerability

Severity

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-416 - Use After Free

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

5 products

Vendor	Product	Version
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office 2016	Affected: 16.0.0 , < 16.0.5404.1000 (custom)
Microsoft	Microsoft Office 2013 Service Pack 1	Affected: 15.0.0 , < 15.0.5571.1000 (custom)

Date Public

2023-07-11 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.114Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Outlook Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33153"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33153",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-28T19:24:48.211780Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-28T20:02:06.421Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5404.1000",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5571.1000",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "16.0.5404.1000",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:sp1:*:*:rt:*:*:*",
                  "versionEndExcluding": "15.0.5571.1000",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-07-11T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Outlook Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:51:54.082Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Outlook Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33153"
        }
      ],
      "title": "Microsoft Outlook Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-33153",
    "datePublished": "2023-07-11T17:02:19.832Z",
    "dateReserved": "2023-05-17T21:16:44.898Z",
    "dateUpdated": "2025-02-28T20:02:06.421Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-33157 (GCVE-0-2023-33157)

Vulnerability from cvelistv5 – Published: 2023-07-11 17:03 – Updated: 2025-02-28 20:46

Title

Microsoft SharePoint Remote Code Execution Vulnerability

Summary

Microsoft SharePoint Remote Code Execution Vulnerability

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

Remote Code Execution

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

3 products

Vendor	Product	Version
Microsoft	Microsoft SharePoint Enterprise Server 2016	Affected: 16.0.0 , < 16.0.5404.1000 (custom)
Microsoft	Microsoft SharePoint Server 2019	Affected: 16.0.0 , < 16.0.10400.20008 (custom)
Microsoft	Microsoft SharePoint Server Subscription Edition	Affected: 16.0.0 , < 16.0.16130.20642 (custom)

Date Public

2023-07-11 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:34.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft SharePoint Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33157"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33157",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-28T20:20:24.530754Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-28T20:46:18.784Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Enterprise Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5404.1000",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10400.20008",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server Subscription Edition",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.16130.20642",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "16.0.5404.1000",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.10400.20008",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                  "versionEndExcluding": "16.0.16130.20642",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-07-11T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft SharePoint Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:52:44.156Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft SharePoint Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33157"
        }
      ],
      "title": "Microsoft SharePoint Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-33157",
    "datePublished": "2023-07-11T17:03:08.566Z",
    "dateReserved": "2023-05-17T21:16:44.899Z",
    "dateUpdated": "2025-02-28T20:46:18.784Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-33158 (GCVE-0-2023-33158)

Vulnerability from cvelistv5 – Published: 2023-07-11 17:03 – Updated: 2025-02-28 21:07

Title

Microsoft Excel Remote Code Execution Vulnerability

Summary

Microsoft Excel Remote Code Execution Vulnerability

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-191 - Integer Underflow (Wrap or Wraparound)

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

5 products

Vendor	Product	Version
Microsoft	Microsoft Office 2019 for Mac	Affected: 16.0.0 , < 16.75.23070901 (custom)
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC for Mac 2021	Affected: 16.0.1 , < 16.75.23070901 (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office for Universal	Affected: 16.0.1 , < 16.0.14326.21502 (custom)

Date Public

2023-07-11 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.069Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Excel Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33158"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33158",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-28T20:20:21.613518Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-28T21:07:30.817Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Office 2019 for Mac",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.75.23070901",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Office LTSC for Mac 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.75.23070901",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Office for Universal",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.14326.21502",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:macos:*:*",
                  "versionEndExcluding": "16.75.23070901",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:macos:*:*",
                  "versionEndExcluding": "16.75.23070901",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:universal:*:*:*:*:*",
                  "versionEndExcluding": "16.0.14326.21502",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-07-11T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Excel Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:52:44.674Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Excel Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33158"
        }
      ],
      "title": "Microsoft Excel Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-33158",
    "datePublished": "2023-07-11T17:03:09.129Z",
    "dateReserved": "2023-05-17T21:16:44.899Z",
    "dateUpdated": "2025-02-28T21:07:30.817Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-33159 (GCVE-0-2023-33159)

Vulnerability from cvelistv5 – Published: 2023-07-11 17:03 – Updated: 2025-02-28 21:07

Title

Microsoft SharePoint Server Spoofing Vulnerability

Summary

Microsoft SharePoint Server Spoofing Vulnerability

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

3 products

Vendor	Product	Version
Microsoft	Microsoft SharePoint Enterprise Server 2016	Affected: 16.0.0 , < 16.0.5404.1000 (custom)
Microsoft	Microsoft SharePoint Server 2019	Affected: 16.0.0 , < 16.0.10400.20008 (custom)
Microsoft	Microsoft SharePoint Server Subscription Edition	Affected: 16.0.0 , < 16.0.16130.20642 (custom)

Date Public

2023-07-11 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.413Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft SharePoint Server Spoofing Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33159"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33159",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-28T20:20:18.845818Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-28T21:07:24.338Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Enterprise Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5404.1000",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10400.20008",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server Subscription Edition",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.16130.20642",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "16.0.5404.1000",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.10400.20008",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                  "versionEndExcluding": "16.0.16130.20642",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-07-11T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft SharePoint Server Spoofing Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:52:45.410Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft SharePoint Server Spoofing Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33159"
        }
      ],
      "title": "Microsoft SharePoint Server Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-33159",
    "datePublished": "2023-07-11T17:03:09.698Z",
    "dateReserved": "2023-05-17T21:16:44.899Z",
    "dateUpdated": "2025-02-28T21:07:24.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2023-1720

CVE-2023-33134 (GCVE-0-2023-33134)

CVE-2023-33148 (GCVE-0-2023-33148)

CVE-2023-33149 (GCVE-0-2023-33149)

CVE-2023-33150 (GCVE-0-2023-33150)

CVE-2023-33151 (GCVE-0-2023-33151)

CVE-2023-33152 (GCVE-0-2023-33152)

CVE-2023-33153 (GCVE-0-2023-33153)

CVE-2023-33157 (GCVE-0-2023-33157)

CVE-2023-33158 (GCVE-0-2023-33158)

CVE-2023-33159 (GCVE-0-2023-33159)

Tags

Sightings

Nomenclature