CVE-2023-23396 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-23396 PUBLISHED CVSS 6.5 MEDIUM

Microsoft Outlook Elevation of Privilege Vulnerability

EPSS 6.49% · 91.0th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

EPSS Score

6.49%

91.0th percentile

Affected Products

Vendor	Product	Versions
microsoft	outlook	15.0.0.0, 16.0.0.0
microsoft	office_online_server	16.0.1
Microsoft	Microsoft Office LTSC 2021	16.0.1
Microsoft	Microsoft Office Web Apps Server 2013 Service Pack 1	15.0.1
microsoft	365_apps	16.0.1
Microsoft	Microsoft 365 Apps for Enterprise	16.0.1
Microsoft	Microsoft Outlook 2013 Service Pack 1	15.0.0.0
microsoft	office_long_term_servicing_channel	16.0.1
microsoft	office	19.0.0
Microsoft	Microsoft Office 2019	19.0.0
microsoft	office_web_apps_server	15.0.1, 2013, 2013
Microsoft	Microsoft Outlook 2016	16.0.0.0
Microsoft	Microsoft Office Online Server	16.0.1

Timeline

Mar 14, 2023 CVE Published
Mar 14, 2023 PoC Published
Mar 15, 2023 EPSS Score
Mar 15, 2023 PoC Published
Mar 15, 2023 PoC Published
Mar 15, 2023 PoC Published
Mar 15, 2023 PoC Published
Mar 15, 2023 PoC Published
Mar 16, 2023 PoC Published
Mar 23, 2023 PoC Published
Mar 25, 2023 PoC Published
Mar 30, 2023 PoC Published

References

https://msrc.microsoft.com/update-guide/ advisory
Microsoft Excel Denial of Service Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-23396 advisory
Microsoft Outlook Elevation of Privilege Vulnerability vendor-advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397 url

Open in Interactive Console →