CVE-2023-36897

EPSS 0.16%
Published 08.08.2023 18:15:15
Last modified 21.11.2024 08:10:52
Source secure@microsoft.com
Teams watchlist Login
Open Login

Visual Studio Tools for Office Runtime Spoofing Vulnerability

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ 365 Apps Version- SwEditionenterprise HwPlatformx64

Microsoft ≫ 365 Apps Version- SwEditionenterprise HwPlatformx86

Microsoft ≫ Office Version2019 HwPlatformx64

Microsoft ≫ Office Version2019 HwPlatformx86

Microsoft ≫ Office Version2021 SwEditionltsc HwPlatformx64

Microsoft ≫ Office Version2021 SwEditionltsc HwPlatformx86

Microsoft ≫ Visual Studio 2010 Tools For Office Runtime Version-

Microsoft ≫ Visual Studio 2017 Version >= 15.0 < 15.9.56

Microsoft ≫ Visual Studio 2019 Version >= 16.0 < 16.11.29

Microsoft ≫ Visual Studio 2022 SwPlatform- Version >= 17.2.0 < 17.2.18

Microsoft ≫ Visual Studio 2022 SwPlatform- Version >= 17.4.0 < 17.4.10

Microsoft ≫ Visual Studio 2022 Version >= 17.6.0 < 17.6.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.371

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
secure@microsoft.com	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-36897

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-36897

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-36897

EUVD