Lucene search
HistoryJul 11, 2023 - 6:15 p.m.
CVE-2023-33148
cve-2023-33148
microsoft
office
elevation
privilege
vulnerability
nvd
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
35.0%
Microsoft Office Elevation of Privilege Vulnerability
Affected configurations
Node
microsoftofficeRange15.0.0.0–2013click-to-run
ORmicrosoftmicrosoft_office_2019Match19.0.0
ORmicrosoft365_appsMatch16.0.1
ORmicrosoftmicrosoft_office_ltsc_2021Match16.0.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | office | * | cpe:2.3:a:microsoft:office:*:*:*:*:click-to-run:*:*:* |
| microsoft | microsoft_office_2019 | 19.0.0 | cpe:2.3:a:microsoft:microsoft_office_2019:19.0.0:*:*:*:*:*:*:* |
| microsoft | 365_apps | 16.0.1 | cpe:2.3:a:microsoft:365_apps:16.0.1:*:*:*:*:*:*:* |
| microsoft | microsoft_office_ltsc_2021 | 16.0.1 | cpe:2.3:a:microsoft:microsoft_office_ltsc_2021:16.0.1:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Microsoft",
"product": "Microsoft Office 2013 Click-to-Run (C2R)",
"cpes": [
"cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:x86:*",
"cpe:2.3:a:microsoft:office:2013:*:*:*:click-to-run:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "15.0.0.0",
"lessThan": "15.0.5571.1000",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Office 2019",
"cpes": [
"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "19.0.0",
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft 365 Apps for Enterprise",
"cpes": [
"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "16.0.1",
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Office LTSC 2021",
"cpes": [
"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"32-bit Systems"
],
"versions": [
{
"version": "16.0.1",
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"versionType": "custom",
"status": "affected"
}
]
}
]Related
mscve
mscve
Microsoft Office Elevation of Privilege Vulnerability
2023-07-11 07:00:00
cvelist
cvelist
CVE-2023-33148 Microsoft Office Elevation of Privilege Vulnerability
2023-07-11 17:02:16
packetstorm
packetstorm
Microsoft Office 365 18.2305.1222.0 Remote Code Execution
2023-07-19 00:00:00
zdt
zdt
prion
prion
Privilege escalation
2023-07-11 18:15:00
nvd
nvd
CVE-2023-33148
2023-07-11 18:15:14
exploitdb
exploitdb
Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE.
2023-07-20 00:00:00
nessus
nessus
Security Updates for Microsoft Office Products C2R (July 2023)
2023-07-12 00:00:00
openvas
openvas
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Jul 2023)
2023-07-12 00:00:00
kaspersky
kaspersky
KLA50773 Multiple vulnerabilities in Microsoft Office
2023-07-11 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - July 2023
2023-07-11 21:50:34
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
35.0%
Related for CVE-2023-33148