CVE-2023-36884 Information

Description

Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents.

An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However an attacker would have to convince the victim to open the malicious file.

Upon completion of this investigation Microsoft will take the appropriate action to help protect our customers. This might include providing a security update through our monthly release process or providing an out-of-cycle security update depending on customer needs.

Please see the Microsoft Threat Intelligence Blog https://aka.ms/Storm-0978  Entry for important information about steps you can take to protect your system from this vulnerability.

This CVE will be updated with new information and links to security updates when they become available.

CVSS Vector

CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N

Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

NONE

Base Severity

0.0