CVE-2023-36568

2023-10-1018:15:13

CWE-59

[email protected]

web.nvd.nist.gov

cve-2023-36568

microsoft

office

click-to-run

elevation of privilege

vulnerability

nvd

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.8%

JSON

Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

Affected configurations

Vulners

NVD

Node

microsoftmicrosoft_office_2019Match19.0.0

microsoft365_appsMatch16.0.1

microsoftmicrosoft_office_ltsc_2021Match16.0.1

VendorProductVersionCPE
microsoftmicrosoft_office_201919.0.0cpe:2.3:a:microsoft:microsoft_office_2019:19.0.0:*:*:*:*:*:*:*
microsoft365_apps16.0.1cpe:2.3:a:microsoft:365_apps:16.0.1:*:*:*:*:*:*:*
microsoftmicrosoft_office_ltsc_202116.0.1cpe:2.3:a:microsoft:microsoft_office_ltsc_2021:16.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	microsoft_office_2019	19.0.0	cpe:2.3:a:microsoft:microsoft_office_2019:19.0.0:::::::*
microsoft	365_apps	16.0.1	cpe:2.3:a:microsoft:365_apps:16.0.1:::::::*
microsoft	microsoft_office_ltsc_2021	16.0.1	cpe:2.3:a:microsoft:microsoft_office_ltsc_2021:16.0.1:::::::*

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "Microsoft Office 2019",
    "cpes": [
      "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "19.0.0",
        "lessThan": "https://aka.ms/OfficeSecurityReleases",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft 365 Apps for Enterprise",
    "cpes": [
      "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.1",
        "lessThan": "https://aka.ms/OfficeSecurityReleases",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Office LTSC 2021",
    "cpes": [
      "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems",
      "32-bit Systems"
    ],
    "versions": [
      {
        "version": "16.0.1",
        "lessThan": "https://aka.ms/OfficeSecurityReleases",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]