CVE-2023-23399
Microsoft Excel Remote Code Execution Vulnerability
Vexday Risk Score
41Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 7.8EPSS 2.5%KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado
Lifecycle
14 Mar 2023Published on NVD
08 Apr 2023Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Microsoft Excel Remote Code Execution Vulnerability
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft 365 Apps for EnterpriseMicrosoft · Microsoft Excel 2013 Service Pack 1Microsoft · Microsoft Excel 2016Microsoft · Microsoft Office 2013 Service Pack 1Microsoft · Microsoft Office 2016Microsoft · Microsoft Office 2019Microsoft · Microsoft Office 2019 for MacMicrosoft · Microsoft Office LTSC 2021Microsoft · Microsoft Office LTSC for Mac 2021Microsoft · Microsoft Office Online ServerMicrosoft · Microsoft Office Web Apps Server 2013 Service Pack 1public PoCs found — 1
exploitdbwww.exploit-db.com/exploits/51328unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →