Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMicrosoftCVE-2023-33137
HistoryJun 14, 2023 - 12:15 a.m.

CVE-2023-33137

2023-06-1400:15:12
CWE-415
microsoft
web.nvd.nist.gov
125
In Wild
microsoft
excel
remote code execution
vulnerability
nvd
cve-2023-33137

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.007

Percentile

80.6%

JSON

Microsoft Excel Remote Code Execution Vulnerability

Affected configurations

Nvd
Vulners
Node
microsoftofficeMatch2013sp1x64
OR
microsoftofficeMatch2013sp1x86
OR
microsoftofficeMatch2013sp1rt
OR
microsoftofficeMatch2016x64
OR
microsoftofficeMatch2016x86
OR
microsoftofficeMatch2019x64
OR
microsoftofficeMatch2019x86
OR
microsoftoffice_online_serverMatch-
VendorProductVersionCPE
microsoftoffice2013cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*
microsoftoffice2013cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*
microsoftoffice2013cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*
microsoftoffice2016cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*
microsoftoffice2016cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*
microsoftoffice2019cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*
microsoftoffice2019cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*
microsoftoffice_online_server-cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "Microsoft Office 2019",
    "cpes": [
      "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "19.0.0",
        "lessThan": "https://aka.ms/OfficeSecurityReleases",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Office Online Server",
    "cpes": [
      "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "16.0.1",
        "lessThan": "16.0.10399.20000",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Excel 2016",
    "cpes": [
      "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*",
      "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0.0",
        "lessThan": "16.0.5400.1000",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Excel 2013 Service Pack 1",
    "cpes": [
      "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
      "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*",
      "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*"
    ],
    "platforms": [
      "ARM64-based Systems",
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.0.0.0",
        "lessThan": "15.0.5563.1000",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Related

attackerkb 1
nvd 1
exploitdb 1
prion 1
cvelist 1
mscve 1
packetstorm 1
nessus 3
openvas 3
mskb 3
kaspersky 1
rapid7blog 1
attackerkb
attackerkb
CVE-2023-33137
2023-06-14 00:00:00
nvd
nvd
CVE-2023-33137
2023-06-14 00:15:12
exploitdb
exploitdb
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)
2023-07-03 00:00:00
prion
prion
Remote code execution
2023-06-14 00:15:00
cvelist
cvelist
CVE-2023-33137 Microsoft Excel Remote Code Execution Vulnerability
2023-06-13 23:25:54
mscve
mscve
Microsoft Excel Remote Code Execution Vulnerability
2023-06-13 07:00:00
packetstorm
packetstorm
Microsoft Excel / 365 MSO Remote Code Execution
2023-06-27 00:00:00
nessus
nessus
Security Updates for Microsoft Office Online Server (June 2023)
2023-06-16 00:00:00
Security Updates for Microsoft Excel Products (June 2023)
2023-06-13 00:00:00
Security Updates for Microsoft Excel Products C2R (June 2023)
2023-06-14 00:00:00
openvas
openvas
Microsoft Excel 2016 Multiple Vulnerabilities (KB5002405))
2023-06-14 00:00:00
Microsoft Excel 2013 Service Pack 1 Mulptiple Vulnerabilities (KBKB5002414)
2023-06-14 00:00:00
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Jun 2023)
2023-06-14 00:00:00
mskb
mskb
Description of the security update for Office Online Server: June 13, 2023 (KB5002401)
2023-06-13 07:00:00
Description of the security update for Excel 2013: June 13, 2023 (KB5002414)
2023-06-13 07:00:00
Description of the security update for Excel 2016: June 13, 2023 (KB5002405)
2023-06-13 07:00:00
kaspersky
kaspersky
KLA50318 Multiple vulnerabilities in Microsoft Office
2023-06-13 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - June 2023
2023-06-13 20:49:27

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.007

Percentile

80.6%

JSON
Related for CVE-2023-33137
attackerkb1nvd1exploitdb1prion1cvelist1mscve1packetstorm1nessus3openvas3mskb3kaspersky1rapid7blog1