7.8

CVE-2023-33137

Microsoft Excel Remote Code Execution Vulnerability
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftOffice Version2013 Updatesp1 HwPlatformx64
MicrosoftOffice Version2013 Updatesp1 HwPlatformx86
MicrosoftOffice Version2013 Updatesp1 SwEditionrt
MicrosoftOffice Version2016 HwPlatformx64
MicrosoftOffice Version2016 HwPlatformx86
MicrosoftOffice Version2019 HwPlatformx64
MicrosoftOffice Version2019 HwPlatformx86
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.57% 0.85
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secure@microsoft.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.