Vulnerability-Lookup

WID-SEC-W-2023-1999

Vulnerability from csaf_certbund - Published: 2023-08-08 22:00 - Updated: 2023-08-08 22:00

Summary

Microsoft Office: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Die Microsoft Office Suite beinhaltet zahlreiche Büroanwendungen. Microsoft Office Online Server ist ein Serverprodukt, das browserbasierte Versionen von Word, PowerPoint, Excel und OneNote bereitstellt. Microsoft Sharepoint ist ein Portalsystem für die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u. a. über Webseiten zur Verfügung gestellt. Microsoft Teams ist ein Kollaborations-, Kommunikations- und Videokonferenz-Tool. Microsoft Visio ist eine Visualisierungs-Software zur Darstellung von Flußdiagrammen, Netzplänen oder Organisationsdiagrammen. Microsoft Visio ist eigenständiger Bestandteil des Microsoft-Office-Systems.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in verschiedenen Microsoft Office Produkten ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder Dateien zu manipulieren.

Betroffene Betriebssysteme: - Windows

CVE-2023-36897

In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft veröffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-36896

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-36895

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-36894

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-36893

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-36892

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-36891

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-36890

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-36866

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-36865

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-35372

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-35371

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-29330

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

CVE-2023-29328

Affected products

Known affected 32 products

Product	Identifier	Version
Microsoft Word 2013 RT SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_rt_sp1`	—
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Excel 2013 SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_sp1`	—
Microsoft Excel 2013 RT SP1 Microsoft / Excel	`cpe:/a:microsoft:excel:2013_rt_sp1`	—
Microsoft Office 2019 for Mac Microsoft	`cpe:/a:microsoft:office_2019_for_mac:-`	—
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft Project 2016 Microsoft	`cpe:/a:microsoft:project_2016:-`	—
Microsoft PowerPoint 2013 SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_sp1`	—
Microsoft Word 2016 Microsoft	`cpe:/a:microsoft:word_2016:-`	—
Microsoft PowerPoint 2016 Microsoft	`cpe:/a:microsoft:powerpoint_2016:-`	—
Microsoft Visio 2016 Microsoft	`cpe:/a:microsoft:visio_2016:-`	—
Microsoft Outlook 2016 Microsoft	`cpe:/a:microsoft:outlook_2016:for_mac`	—
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	—
Microsoft Teams for Android Microsoft / Teams	`cpe:/a:microsoft:teams:for_android`	—
Microsoft Teams for Desktop Microsoft / Teams	`cpe:/a:microsoft:teams:for_desktop`	—
Microsoft Office 2013 SP1 Microsoft / Office	`cpe:/a:microsoft:office:2013_sp1`	—
Microsoft Word 2013 SP1 Microsoft / Word	`cpe:/a:microsoft:word:2013_sp1`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Outlook 2013 RT SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_rt_sp1`	—
Microsoft Visio 2013 SP1 Microsoft	`cpe:/a:microsoft:visio:2013_sp1`	—
Microsoft Office 2013 RT SP1 Microsoft	`cpe:/a:microsoft:office_2013_rt:sp1`	—
Microsoft Teams for Mac Microsoft / Teams	`cpe:/a:microsoft:teams:for_mac`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:2016`	—
Microsoft Outlook 2013 SP1 Microsoft / Outlook	`cpe:/a:microsoft:outlook:2013_sp1`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft Publisher 2016 Microsoft	`cpe:/a:microsoft:publisher_2016:-`	—
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	—
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	—
Microsoft PowerPoint 2013 RT SP1 Microsoft / PowerPoint	`cpe:/a:microsoft:powerpoint:2013_rt_sp1`	—
Microsoft Teams for iOS Microsoft / Teams	`cpe:/a:microsoft:teams:for_ios`	—
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://msrc.microsoft.com/update-guide	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Microsoft Office Suite beinhaltet zahlreiche B\u00fcroanwendungen.\r\nMicrosoft Office Online Server ist ein Serverprodukt, das browserbasierte Versionen von Word, PowerPoint, Excel und OneNote bereitstellt. \r\nMicrosoft Sharepoint ist ein Portalsystem f\u00fcr die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u. a. \u00fcber Webseiten zur Verf\u00fcgung gestellt.\r\nMicrosoft Teams ist ein Kollaborations-, Kommunikations- und Videokonferenz-Tool.\r\nMicrosoft Visio ist eine Visualisierungs-Software zur Darstellung von Flu\u00dfdiagrammen, Netzpl\u00e4nen oder Organisationsdiagrammen. Microsoft Visio ist eigenst\u00e4ndiger Bestandteil des Microsoft-Office-Systems.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in verschiedenen Microsoft Office Produkten ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1999 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1999.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1999 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1999"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2023-08-08",
        "url": "https://msrc.microsoft.com/update-guide"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft Office: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-08-08T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:56:44.612+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1999",
      "initial_release_date": "2023-08-08T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-08-08T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Microsoft 365 Apps",
            "product": {
              "name": "Microsoft 365 Apps",
              "product_id": "T029142",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:365_apps:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Excel 2013 SP1",
                "product": {
                  "name": "Microsoft Excel 2013 SP1",
                  "product_id": "T012236",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:excel:2013_sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Excel 2013 RT SP1",
                "product": {
                  "name": "Microsoft Excel 2013 RT SP1",
                  "product_id": "T012632",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:excel:2013_rt_sp1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Excel"
          },
          {
            "category": "product_name",
            "name": "Microsoft Excel 2016",
            "product": {
              "name": "Microsoft Excel 2016",
              "product_id": "T013928",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:excel_2016:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Office 2013 SP1",
                "product": {
                  "name": "Microsoft Office 2013 SP1",
                  "product_id": "T011817",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:2013_sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Office LTSC for Mac 2021",
                "product": {
                  "name": "Microsoft Office LTSC for Mac 2021",
                  "product_id": "T020985",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_for_mac_2021"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Office LTSC 2021",
                "product": {
                  "name": "Microsoft Office LTSC 2021",
                  "product_id": "T020986",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_2021"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Office"
          },
          {
            "category": "product_name",
            "name": "Microsoft Office 2013 RT SP1",
            "product": {
              "name": "Microsoft Office 2013 RT SP1",
              "product_id": "T014527",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_2013_rt:sp1"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Office 2016",
            "product": {
              "name": "Microsoft Office 2016",
              "product_id": "T013923",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_2016:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Office 2019",
            "product": {
              "name": "Microsoft Office 2019",
              "product_id": "T014534",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_2019:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Office 2019 for Mac",
            "product": {
              "name": "Microsoft Office 2019 for Mac",
              "product_id": "T014533",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_2019_for_mac:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Office Online Server",
            "product": {
              "name": "Microsoft Office Online Server",
              "product_id": "921247",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_online_server:2016"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Outlook 2013 RT SP1",
                "product": {
                  "name": "Microsoft Outlook 2013 RT SP1",
                  "product_id": "T010466",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:outlook:2013_rt_sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Outlook 2013 SP1",
                "product": {
                  "name": "Microsoft Outlook 2013 SP1",
                  "product_id": "T010467",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:outlook:2013_sp1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Outlook"
          },
          {
            "category": "product_name",
            "name": "Microsoft Outlook 2016",
            "product": {
              "name": "Microsoft Outlook 2016",
              "product_id": "T022027",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:outlook_2016:for_mac"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft PowerPoint 2013 RT SP1",
                "product": {
                  "name": "Microsoft PowerPoint 2013 RT SP1",
                  "product_id": "T006380",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:powerpoint:2013_rt_sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft PowerPoint 2013 SP1",
                "product": {
                  "name": "Microsoft PowerPoint 2013 SP1",
                  "product_id": "T012871",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:powerpoint:2013_sp1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PowerPoint"
          },
          {
            "category": "product_name",
            "name": "Microsoft PowerPoint 2016",
            "product": {
              "name": "Microsoft PowerPoint 2016",
              "product_id": "T015483",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:powerpoint_2016:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Project 2016",
            "product": {
              "name": "Microsoft Project 2016",
              "product_id": "T014973",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:project_2016:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Publisher 2016",
            "product": {
              "name": "Microsoft Publisher 2016",
              "product_id": "T016268",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:publisher_2016:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft SharePoint Enterprise Server 2016",
                "product": {
                  "name": "Microsoft SharePoint Enterprise Server 2016",
                  "product_id": "T018556",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:sharepoint:enterprise_server_2016"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft SharePoint Server Subscription Edition",
                "product": {
                  "name": "Microsoft SharePoint Server Subscription Edition",
                  "product_id": "T021526",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:sharepoint:server_subscription_edition"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SharePoint"
          },
          {
            "category": "product_name",
            "name": "Microsoft SharePoint Server 2019",
            "product": {
              "name": "Microsoft SharePoint Server 2019",
              "product_id": "T014523",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:sharepoint_server_2019:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Teams for Android",
                "product": {
                  "name": "Microsoft Teams for Android",
                  "product_id": "T022029",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:teams:for_android"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Teams for iOS",
                "product": {
                  "name": "Microsoft Teams for iOS",
                  "product_id": "T022030",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:teams:for_ios"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Teams for Desktop",
                "product": {
                  "name": "Microsoft Teams for Desktop",
                  "product_id": "T029139",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:teams:for_desktop"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Teams for Mac",
                "product": {
                  "name": "Microsoft Teams for Mac",
                  "product_id": "T029140",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:teams:for_mac"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Teams"
          },
          {
            "category": "product_name",
            "name": "Microsoft Visio 2013 SP1",
            "product": {
              "name": "Microsoft Visio 2013 SP1",
              "product_id": "T029141",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:visio:2013_sp1"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Visio 2016",
            "product": {
              "name": "Microsoft Visio 2016",
              "product_id": "T016271",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:visio_2016:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Word 2013 RT SP1",
                "product": {
                  "name": "Microsoft Word 2013 RT SP1",
                  "product_id": "T006399",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:word:2013_rt_sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Word 2013 SP1",
                "product": {
                  "name": "Microsoft Word 2013 SP1",
                  "product_id": "T011714",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:word:2013_sp1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Word"
          },
          {
            "category": "product_name",
            "name": "Microsoft Word 2016",
            "product": {
              "name": "Microsoft Word 2016",
              "product_id": "T015487",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:word_2016:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-36897",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36897"
    },
    {
      "cve": "CVE-2023-36896",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36896"
    },
    {
      "cve": "CVE-2023-36895",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36895"
    },
    {
      "cve": "CVE-2023-36894",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36894"
    },
    {
      "cve": "CVE-2023-36893",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36893"
    },
    {
      "cve": "CVE-2023-36892",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36892"
    },
    {
      "cve": "CVE-2023-36891",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36891"
    },
    {
      "cve": "CVE-2023-36890",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36890"
    },
    {
      "cve": "CVE-2023-36866",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36866"
    },
    {
      "cve": "CVE-2023-36865",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-36865"
    },
    {
      "cve": "CVE-2023-35372",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-35372"
    },
    {
      "cve": "CVE-2023-35371",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-35371"
    },
    {
      "cve": "CVE-2023-29330",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-29330"
    },
    {
      "cve": "CVE-2023-29328",
      "notes": [
        {
          "category": "description",
          "text": "In verschiedenen Microsoft Office Produkten existieren mehrere Schwachstellen. Microsoft ver\u00f6ffentlicht keine Details zu den Schwachstellen. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006399",
          "T013923",
          "T012236",
          "T012632",
          "T014533",
          "T014534",
          "T014973",
          "T012871",
          "T015487",
          "T015483",
          "T016271",
          "T022027",
          "T020986",
          "T020985",
          "T022029",
          "T029139",
          "T011817",
          "T011714",
          "T029142",
          "T010466",
          "T029141",
          "T014527",
          "T029140",
          "921247",
          "T010467",
          "T014523",
          "T016268",
          "T018556",
          "T021526",
          "T006380",
          "T022030",
          "T013928"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-29328"
    }
  ]
}

CVE-2023-29328 (GCVE-0-2023-29328)

Vulnerability from cvelistv5 – Published: 2023-08-08 17:08 – Updated: 2025-02-27 21:09

Title

Microsoft Teams Remote Code Execution Vulnerability

Summary

Microsoft Teams Remote Code Execution Vulnerability

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-416 - Use After Free

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

4 products

Vendor	Product	Version
Microsoft	Microsoft Teams for Desktop	Affected: 1.0.0 , < 1.6.00.18681 (custom)
Microsoft	Microsoft Teams for iOS	Affected: 2.0.0 , < 5.12.1 (custom)
Microsoft	Microsoft Teams for Android	Affected: 1.0.0 , < 1.0.0.2023070204 (custom)
Microsoft	Microsoft Teams for Mac	Affected: 1.0.0.0 , < 1.6.00.17554 (custom)

Date Public

2023-08-08 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:45.789Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Teams Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29328"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29328",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:54:04.663806Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T21:09:23.302Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Teams for Desktop",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.6.00.18681",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Teams for iOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5.12.1",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Teams for Android",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.0.0.2023070204",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Teams for Mac",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.6.00.17554",
              "status": "affected",
              "version": "1.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.6.00.18681",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*",
                  "versionEndExcluding": "5.12.1",
                  "versionStartIncluding": "2.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                  "versionEndExcluding": "1.0.0.2023070204",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:mac:*:*",
                  "versionEndExcluding": "1.6.00.17554",
                  "versionStartIncluding": "1.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Teams Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:59:05.681Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Teams Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29328"
        }
      ],
      "title": "Microsoft Teams Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-29328",
    "datePublished": "2023-08-08T17:08:16.433Z",
    "dateReserved": "2023-04-04T22:34:18.378Z",
    "dateUpdated": "2025-02-27T21:09:23.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-29330 (GCVE-0-2023-29330)

Vulnerability from cvelistv5 – Published: 2023-08-08 17:08 – Updated: 2025-02-27 21:09

Title

Microsoft Teams Remote Code Execution Vulnerability

Summary

Microsoft Teams Remote Code Execution Vulnerability

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-416 - Use After Free

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

4 products

Vendor	Product	Version
Microsoft	Microsoft Teams for Desktop	Affected: 1.0.0 , < 1.6.00.18681 (custom)
Microsoft	Microsoft Teams for Android	Affected: 1.0.0 , < 1.0.0.2023070204 (custom)
Microsoft	Microsoft Teams for Mac	Affected: 1.0.0.0 , < 1.6.00.17554 (custom)
Microsoft	Microsoft Teams for iOS	Affected: 2.0.0 , < 5.12.1 (custom)

Date Public

2023-08-08 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:45.613Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Teams Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29330"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29330",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:54:03.223157Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T21:09:16.622Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Teams for Desktop",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.6.00.18681",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Teams for Android",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.0.0.2023070204",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Teams for Mac",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.6.00.17554",
              "status": "affected",
              "version": "1.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Teams for iOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5.12.1",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.6.00.18681",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                  "versionEndExcluding": "1.0.0.2023070204",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:mac:*:*",
                  "versionEndExcluding": "1.6.00.17554",
                  "versionStartIncluding": "1.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*",
                  "versionEndExcluding": "5.12.1",
                  "versionStartIncluding": "2.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Teams Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:59:05.180Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Teams Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29330"
        }
      ],
      "title": "Microsoft Teams Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-29330",
    "datePublished": "2023-08-08T17:08:17.120Z",
    "dateReserved": "2023-04-04T22:34:18.378Z",
    "dateUpdated": "2025-02-27T21:09:16.622Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-35371 (GCVE-0-2023-35371)

Vulnerability from cvelistv5 – Published: 2023-08-08 17:08 – Updated: 2025-02-27 21:07

Title

Microsoft Office Remote Code Execution Vulnerability

Summary

Microsoft Office Remote Code Execution Vulnerability

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-415 - Double Free

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

6 products

Vendor	Product	Version
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office 2019 for Mac	Affected: 16.0.0 , < 16.76.23081101 (custom)
Microsoft	Microsoft Office Online Server	Affected: 16.0.1 , < 16.0.10401.20022 (custom)
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC for Mac 2021	Affected: 16.0.1 , < 16.76.23081101 (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)

Date Public

2023-08-08 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:23:59.694Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Office Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35371"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-35371",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:53:42.835680Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T21:07:08.761Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Office 2019 for Mac",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.76.23081101",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Office Online Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10401.20022",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Office LTSC for Mac 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.76.23081101",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:macos:*:*",
                  "versionEndExcluding": "16.76.23081101",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.10401.20022",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:macos:*:*",
                  "versionEndExcluding": "16.76.23081101",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Office Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-415",
              "description": "CWE-415: Double Free",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:59:04.048Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35371"
        }
      ],
      "title": "Microsoft Office Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-35371",
    "datePublished": "2023-08-08T17:08:46.816Z",
    "dateReserved": "2023-06-14T23:09:47.636Z",
    "dateUpdated": "2025-02-27T21:07:08.761Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-35372 (GCVE-0-2023-35372)

Vulnerability from cvelistv5 – Published: 2023-08-08 17:08 – Updated: 2025-02-27 21:07

Title

Microsoft Office Visio Remote Code Execution Vulnerability

Summary

Microsoft Office Visio Remote Code Execution Vulnerability

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

4 products

Vendor	Product	Version
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Visio 2016	Affected: 16.0.1 , < 5439.1000 (custom)

Date Public

2023-08-08 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:23:59.717Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Office Visio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35372"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-35372",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:53:41.384018Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T21:07:03.510Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Visio 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5439.1000",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5439.1000",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Office Visio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:59:04.579Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Visio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35372"
        }
      ],
      "title": "Microsoft Office Visio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-35372",
    "datePublished": "2023-08-08T17:08:47.346Z",
    "dateReserved": "2023-06-14T23:09:47.636Z",
    "dateUpdated": "2025-02-27T21:07:03.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-36865 (GCVE-0-2023-36865)

Vulnerability from cvelistv5 – Published: 2023-08-08 17:08 – Updated: 2025-02-27 21:09

Title

Microsoft Office Visio Remote Code Execution Vulnerability

Summary

Microsoft Office Visio Remote Code Execution Vulnerability

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

3 products

Vendor	Product	Version
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)

Date Public

2023-08-08 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:01:09.690Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Office Visio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36865"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36865",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:53:55.199977Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T21:09:04.687Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Office Visio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:58:34.920Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Visio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36865"
        }
      ],
      "title": "Microsoft Office Visio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-36865",
    "datePublished": "2023-08-08T17:08:18.838Z",
    "dateReserved": "2023-06-27T20:26:38.143Z",
    "dateUpdated": "2025-02-27T21:09:04.687Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-36866 (GCVE-0-2023-36866)

Vulnerability from cvelistv5 – Published: 2023-08-08 17:08 – Updated: 2025-02-27 21:08

Title

Microsoft Office Visio Remote Code Execution Vulnerability

Summary

Microsoft Office Visio Remote Code Execution Vulnerability

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

4 products

Vendor	Product	Version
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Visio 2016	Affected: 16.0.1 , < 5439.1000 (custom)

Date Public

2023-08-08 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:01:09.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Office Visio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36866"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36866",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:53:53.631558Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T21:08:59.504Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Visio 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5439.1000",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5439.1000",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Office Visio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:58:35.518Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Visio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36866"
        }
      ],
      "title": "Microsoft Office Visio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-36866",
    "datePublished": "2023-08-08T17:08:19.389Z",
    "dateReserved": "2023-06-27T20:26:38.144Z",
    "dateUpdated": "2025-02-27T21:08:59.504Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-36890 (GCVE-0-2023-36890)

Vulnerability from cvelistv5 – Published: 2023-08-08 17:08 – Updated: 2025-02-27 21:06

Title

Microsoft SharePoint Server Information Disclosure Vulnerability

Summary

Microsoft SharePoint Server Information Disclosure Vulnerability

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE

CWE-284 - Improper Access Control

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Microsoft	Microsoft SharePoint Server 2019	Affected: 16.0.0 , < 16.0.10401.20025 (custom)
Microsoft	Microsoft SharePoint Server Subscription Edition	Affected: 16.0.0 , < 16.0.16130.20684 (custom)

Date Public

2023-08-08 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:01:09.642Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft SharePoint Server Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36890"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36890",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:50:41.675807Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T21:06:58.141Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10401.20025",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server Subscription Edition",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.16130.20684",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.10401.20025",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                  "versionEndExcluding": "16.0.16130.20684",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft SharePoint Server Information Disclosure Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:59:08.031Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft SharePoint Server Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36890"
        }
      ],
      "title": "Microsoft SharePoint Server Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-36890",
    "datePublished": "2023-08-08T17:08:49.061Z",
    "dateReserved": "2023-06-27T20:28:32.380Z",
    "dateUpdated": "2025-02-27T21:06:58.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-36891 (GCVE-0-2023-36891)

Vulnerability from cvelistv5 – Published: 2023-08-08 17:08 – Updated: 2025-02-27 21:06

Title

Microsoft SharePoint Server Spoofing Vulnerability

Summary

Microsoft SharePoint Server Spoofing Vulnerability

Severity

8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Microsoft	Microsoft SharePoint Server 2019	Affected: 16.0.0 , < 16.0.10401.20025 (custom)
Microsoft	Microsoft SharePoint Server Subscription Edition	Affected: 16.0.0 , < 16.0.16130.20684 (custom)

Date Public

2023-08-08 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:01:09.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft SharePoint Server Spoofing Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36891"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36891",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:53:39.983669Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T21:06:50.661Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10401.20025",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server Subscription Edition",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.16130.20684",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.10401.20025",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                  "versionEndExcluding": "16.0.16130.20684",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft SharePoint Server Spoofing Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:59:08.483Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft SharePoint Server Spoofing Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36891"
        }
      ],
      "title": "Microsoft SharePoint Server Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-36891",
    "datePublished": "2023-08-08T17:08:49.648Z",
    "dateReserved": "2023-06-27T20:28:32.380Z",
    "dateUpdated": "2025-02-27T21:06:50.661Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-36892 (GCVE-0-2023-36892)

Vulnerability from cvelistv5 – Published: 2023-08-08 17:08 – Updated: 2025-01-01 01:59

Title

Microsoft SharePoint Server Spoofing Vulnerability

Summary

Microsoft SharePoint Server Spoofing Vulnerability

Severity

8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Microsoft	Microsoft SharePoint Server 2019	Affected: 16.0.0 , < 16.0.10401.20025 (custom)
Microsoft	Microsoft SharePoint Server Subscription Edition	Affected: 16.0.0 , < 16.0.16130.20684 (custom)

Date Public

2023-08-08 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36892",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-27T20:32:01.002433Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-30T14:46:27.106Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:01:09.805Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft SharePoint Server Spoofing Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36892"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10401.20025",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server Subscription Edition",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.16130.20684",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.10401.20025",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                  "versionEndExcluding": "16.0.16130.20684",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft SharePoint Server Spoofing Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:59:09.027Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft SharePoint Server Spoofing Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36892"
        }
      ],
      "title": "Microsoft SharePoint Server Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-36892",
    "datePublished": "2023-08-08T17:08:50.214Z",
    "dateReserved": "2023-06-27T20:28:32.381Z",
    "dateUpdated": "2025-01-01T01:59:09.027Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-36893 (GCVE-0-2023-36893)

Vulnerability from cvelistv5 – Published: 2023-08-08 17:08 – Updated: 2025-02-27 21:06

Title

Microsoft Outlook Spoofing Vulnerability

Summary

Microsoft Outlook Spoofing Vulnerability

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE

CWE-20 - Improper Input Validation

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

5 products

Vendor	Product	Version
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Outlook 2016	Affected: 16.0.0.0 , < 16.0.5408.1000 (custom)
Microsoft	Microsoft Outlook 2013 Service Pack 1	Affected: 15.0.0.0 , < 15.0.5579.1000 (custom)

Date Public

2023-08-08 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:01:09.778Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Outlook Spoofing Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36893"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36893",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:50:40.277612Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T21:06:43.930Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Outlook 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5408.1000",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Microsoft Outlook 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5579.1000",
              "status": "affected",
              "version": "15.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:x86:*:*",
                  "versionEndExcluding": "16.0.5408.1000",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:x86:*:*",
                  "versionEndExcluding": "15.0.5579.1000",
                  "versionStartIncluding": "15.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Outlook Spoofing Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:59:09.524Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Outlook Spoofing Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36893"
        }
      ],
      "title": "Microsoft Outlook Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-36893",
    "datePublished": "2023-08-08T17:08:50.775Z",
    "dateReserved": "2023-06-27T20:28:32.381Z",
    "dateUpdated": "2025-02-27T21:06:43.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2023-1999

CVE-2023-29328 (GCVE-0-2023-29328)

CVE-2023-29330 (GCVE-0-2023-29330)

CVE-2023-35371 (GCVE-0-2023-35371)

CVE-2023-35372 (GCVE-0-2023-35372)

CVE-2023-36865 (GCVE-0-2023-36865)

CVE-2023-36866 (GCVE-0-2023-36866)

CVE-2023-36890 (GCVE-0-2023-36890)

CVE-2023-36891 (GCVE-0-2023-36891)

CVE-2023-36892 (GCVE-0-2023-36892)

CVE-2023-36893 (GCVE-0-2023-36893)

Tags

Sightings

Nomenclature