VDB
CVE-2023-29357
CVE-2023-29357
PUBLISHED
KEV
Es existieren mehrere Schwachstellen in verschiedenen Microsoft Office Produkten. Die Fehler sind noch nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion.
EPSS 94.36% · 100.0th percentile
Risk Scores
EPSS Score
94.36%
100.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Office 2019 | |
| Microsoft | Microsoft Outlook 2013 RT SP1 | |
| Microsoft | Microsoft Office 2019 for Mac | |
| Microsoft | Microsoft Outlook 2013 | |
| Microsoft | Microsoft 365 Apps | |
| Microsoft | Microsoft Office Online Server | |
| Microsoft | Microsoft SharePoint Server Subscription Edition | |
| Microsoft | Microsoft Excel 2013 RT SP1 | |
| Microsoft | Microsoft Outlook 2016 | |
| Microsoft | Microsoft Excel 2016 | |
| Microsoft | Microsoft Excel 2013 SP1 | |
| Microsoft | Microsoft SharePoint Enterprise Server 2016 | |
| Microsoft | Microsoft Office LTSC for Mac 2021 | |
| Microsoft | Microsoft Office LTSC 2021 | |
| Microsoft | Microsoft OneNote for Universal | |
| Microsoft | Microsoft SharePoint Server 2019 |
Exploit Intelligence
- Event ID 189 Rule Name SOC227 Microsoft SharePoint Server Elevation of Privilege Possible CVE-2023-29357 .. Exploitation (github-poc-repo)
- Event ID 189 Rule Name SOC227 Microsoft SharePoint Server Elevation of Privilege Possible CVE-2023-29357 .. Exploitation (github-poc-repo)
- Event ID 189 Rule Name SOC227 Microsoft SharePoint Server Elevation of Privilege Possible CVE-2023-29357 .. Exploitation (github-poc-repo)
- Event ID 189 Rule Name SOC227 Microsoft SharePoint Server Elevation of Privilege Possible CVE-2023-29357 .. Exploitation (github-poc-repo)
- Event ID 189 Rule Name SOC227 Microsoft SharePoint Server Elevation of Privilege Possible CVE-2023-29357 .. Exploitation (github-poc-repo)
- Event ID 189 Rule Name SOC227 Microsoft SharePoint Server Elevation of Privilege Possible CVE-2023-29357 .. Exploitation (github-poc-repo)
- Event ID 189 Rule Name SOC227 Microsoft SharePoint Server Elevation of Privilege Possible CVE-2023-29357 .. Exploitation (github-poc-repo)
- Event ID 189 Rule Name SOC227 Microsoft SharePoint Server Elevation of Privilege Possible CVE-2023-29357 .. Exploitation (github-poc-repo)
- Event ID 189 Rule Name SOC227 Microsoft SharePoint Server Elevation of Privilege Possible CVE-2023-29357 .. Exploitation (github-poc-repo)
- DeividasTerechovas/SOC227-Microsoft-SharePoint-Server-Elevation-of-Privilege-Possible-CVE-2023-29357-Exploitation (github-poc-repo)
…and 2319 more exploits
Timeline
- Jan 20, 1970 VulnCheck XDB Entry
- Jan 20, 1970 VulnCheck XDB Entry
- Jan 20, 1970 VulnCheck XDB Entry
- May 1, 2023 Metasploit Module
- Jun 13, 2023 CVE Published
- Jun 14, 2023 EPSS Score
- Jun 14, 2023 PoC Published
- Jun 19, 2023 CVE Updated
- Sep 29, 2023 PoC Published
- Sep 29, 2023 Nuclei Template
- Sep 29, 2023 Fix Commit
- Sep 30, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1443.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1443 advisory
- https://msrc.microsoft.com/update-guide advisory
- https://www.exploit-db.com/exploits/51555 exploit
- https://thehackernews.com/2024/01/act-now-cisa-flags-active-exploitation.html exploit