8.1

CVE-2023-36897

Visual Studio Tools for Office Runtime Spoofing Vulnerability

Visual Studio Tools for Office Runtime Spoofing Vulnerability
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft365 Apps Version- SwEditionenterprise HwPlatformx64
Microsoft365 Apps Version- SwEditionenterprise HwPlatformx86
MicrosoftOffice Version2019 HwPlatformx64
MicrosoftOffice Version2019 HwPlatformx86
MicrosoftOffice Long Term Servicing Channel Version2021 HwPlatformx64
MicrosoftOffice Long Term Servicing Channel Version2021 HwPlatformx86
MicrosoftVisual Studio 2017 Version >= 15.0 < 15.9.56
MicrosoftVisual Studio 2019 Version >= 16.0 < 16.11.29
MicrosoftVisual Studio 2022 SwPlatform- Version >= 17.2.0 < 17.2.18
MicrosoftVisual Studio 2022 SwPlatform- Version >= 17.4.0 < 17.4.10
MicrosoftVisual Studio 2022 Version >= 17.6.0 < 17.6.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.6% 0.727
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
secure@microsoft.com 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897
Patch
Vendor Advisory