CVE-2023-36761

Warning

EPSS 3.71%
Published 12.09.2023 17:15:11
Last modified 23.01.2025 18:53:17
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft Word Information Disclosure Vulnerability

Affected products Warnungen 1 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ 365 Apps Version- SwEditionenterprise HwPlatformx64

Microsoft ≫ 365 Apps Version- SwEditionenterprise HwPlatformx86

Microsoft ≫ Office Version2019 HwPlatformx64

Microsoft ≫ Office Version2019 HwPlatformx86

Microsoft ≫ Office Long Term Servicing Channel Version2021 HwPlatformx64

Microsoft ≫ Office Long Term Servicing Channel Version2021 HwPlatformx86

Microsoft ≫ Word Version2013 Updatesp1 HwPlatformx64

Microsoft ≫ Word Version2013 Updatesp1 HwPlatformx86

Microsoft ≫ Word Version2013 Updatesp1 SwEditionrt

Microsoft ≫ Word Version2016 HwPlatformx64

Microsoft ≫ Word Version2016 HwPlatformx86

12.09.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Word Information Disclosure Vulnerability

Vulnerability

Microsoft Word contains an unspecified vulnerability that allows for information disclosure.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.71%	0.875

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
secure@microsoft.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-36761

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-36761

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-36761

EUVD