VDB
CVE-2023-36884
CVE-2023-36884
PUBLISHED
KEV
CVSS 8.699999809265137 HIGH
In Microsoft 365 Apps, Microsoft Excel, Microsoft Office, Microsoft Office Online Server, Microsoft Outlook, Microsoft SharePoint und Microsoft Word existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.
EPSS 92.97% · 99.8th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
92.97%
99.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Excel 2013 SP1 | |
| Microsoft | Microsoft Windows Server 2012 | |
| Microsoft | Microsoft Word 2013 RT SP1 | |
| Fedora | Fedora Linux | |
| Microsoft | Microsoft Office 2016 | |
| Amazon | Amazon Linux 2 | |
| Microsoft | Microsoft Outlook 2013 | |
| Microsoft | Microsoft Excel 2013 RT SP1 | |
| Microsoft | Microsoft Office 2013 Click-to-Run (C2R) | |
| Microsoft | Microsoft Office LTSC for Mac 2021 | |
| Microsoft | Microsoft Windows 11 Version 22H2 | |
| Microsoft | Microsoft Windows 10 Version 22H2 | |
| Hitachi | Hitachi Storage Virtual Storage Platform | |
| Microsoft | Microsoft Office 2013 RT SP1 | |
| Microsoft | Microsoft Windows Server 2022 | |
| Microsoft | Microsoft Windows Server 2008 R2 SP1 | |
| Microsoft | Microsoft SharePoint Server Subscription Edition | |
| Microsoft | Microsoft Windows 10 Version 1809 | |
| Microsoft | Microsoft Windows 11 version 21H2 | |
| Microsoft | Microsoft Office LTSC 2021 |
…and 25 more
Exploit Intelligence
- MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit (github-poc)
- MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit (github-poc)
- MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit (github-poc)
- MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit (github-poc)
- MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit (github-poc)
- MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit (github-poc)
- MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit (github-poc)
- MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit (github-poc)
- #comeonits2023 #ie9 #Storm-0978 (github-poc)
- #comeonits2023 #ie9 #Storm-0978 (github-poc)
…and 150 more exploits
Timeline
- Jul 2, 2021 PoC Published
- Jul 11, 2023 CVE Published
- Jul 12, 2023 PoC Published
- Jul 12, 2023 EPSS Score
- Jul 17, 2023 CISA KEV Added
- Jul 26, 2023 EPSS Score
- Aug 8, 2023 PoC Published
- Aug 9, 2023 EPSS Score
- Aug 20, 2023 EPSS Score
- Sep 15, 2023 EPSS Score
- Sep 23, 2023 PoC Published
- Oct 13, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1720.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1720 advisory
- https://msrc.microsoft.com/update-guide/de-DE/vulnerability/ADV230003 advisory
- https://msrc.microsoft.com/update-guide advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1718.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1718 advisory
- https://www.hitachi.com/products/it/storage-solutions/sec_info/2023/07.html advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2031.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2031 advisory
- https://security.business.xerox.com/wp-content/uploads/2023/08/cert_XRX23-011_FFPSv7-S11_MediaInstall_Aug2023.pdf advisory
- https://security.business.xerox.com/wp-content/uploads/2023/08/cert_XRX23-012_FFPSv2_Win10_SecurityBulletin_Aug2023.pdf advisory
- https://securitydocs.business.xerox.com/wp-content/uploads/2023/08/Xerox-Security-Bulletin-XRX23-013-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf advisory
- https://alas.aws.amazon.com/AL2/ALAS-2023-2331.html advisory
- https://security.gentoo.org/glsa/202408-17 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2025-d2d3a5fa79 advisory