CVE-2023-33140
PUBLISHED
Multiple vulnerabilities exist in various Microsoft Office products. The flaws have not yet been described in detail. An attacker can exploit these vulnerabilities to escalate privileges, execute arbitrary code, disclose confidential information, cause a denial-of-service condition, and manipulate data. Successful exploitation of some of these vulnerabilities requires user interaction.
Risk Scores
EPSS Score
5.53%
90.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Office 2019 for Mac | |
| Microsoft | Microsoft Outlook 2013 RT SP1 | |
| Microsoft | Microsoft Outlook 2016 | |
| Microsoft | Microsoft Excel 2013 SP1 | |
| Microsoft | Microsoft SharePoint Enterprise Server 2016 | |
| Microsoft | Microsoft Excel 2016 | |
| Microsoft | Microsoft Office LTSC for Mac 2021 | |
| Microsoft | Microsoft Outlook 2013 | |
| Microsoft | Microsoft Office 2019 | |
| Microsoft | Microsoft Office Online Server | |
| Microsoft | Microsoft SharePoint Server Subscription Edition | |
| Microsoft | Microsoft Office LTSC 2021 | |
| Microsoft | Microsoft Excel 2013 RT SP1 | |
| Microsoft | Microsoft SharePoint Server 2019 | |
| Microsoft | Microsoft 365 Apps | |
| Microsoft | Microsoft OneNote for Universal | |
Exploit Intelligence
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
- https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2023-33140/Microsoft%20OneNote%20(Version%202305%20Build%2016.0.16501.20074)%2064-bit%20-%20Spoofing%20Vulnerability.txt (nist-nvd)
- https://www.exploit-db.com/exploits/51555 (certbund)
- https://thehackernews.com/2024/01/act-now-cisa-flags-active-exploitation.html (certbund)
- expl_sharepoint_cve_2023_29357.yar (github-yara)
…and 212 more exploits
Timeline
- Jun 13, 2023 CVE Published
- Jun 14, 2023 EPSS Score
- Jun 26, 2023 PoC Published
- Jul 20, 2023 EPSS Score
- Sep 29, 2023 EPSS Score
- Nov 3, 2023 EPSS Score
- Dec 8, 2023 PoC Published
- Dec 11, 2023 PoC Published
- Jan 13, 2024 EPSS Score
- Feb 18, 2024 EPSS Score
- Mar 1, 2024 PoC Published
- Apr 5, 2024 PoC Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1443.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1443 advisory
- https://msrc.microsoft.com/update-guide advisory
- https://www.exploit-db.com/exploits/51555 exploit
- https://thehackernews.com/2024/01/act-now-cisa-flags-active-exploitation.html exploit