Lucene search
Mat Powell of Trend Micro Zero Day InitiativeZDI-23-050HistoryJan 18, 2023 - 12:00 a.m.
Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
2023-01-1800:00:00
Mat Powell of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
13
microsoft excel
skp file parsing
remote code execution
vulnerability
user interaction
malicious page
malicious file
parsing
skp files
object validation
current process
0.003 Low
EPSS
Percentile
66.1%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
nvd
nvd
CVE-2022-47213
2022-12-13 19:15:15
mscve
mscve
Microsoft Office Graphics Remote Code Execution Vulnerability
2022-12-13 08:00:00
prion
prion
Remote code execution
2022-12-13 19:15:00
cvelist
cvelist
CVE-2022-47213 Microsoft Office Graphics Remote Code Execution Vulnerability
2022-12-13 00:00:00
cve
cve
CVE-2022-47213
2022-12-13 19:15:15
cnvd
cnvd
nessus
nessus
Security Updates for Microsoft Office Products C2R (December 2022)
2022-12-14 00:00:00
openvas
openvas
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Dec 2022)
2022-12-14 00:00:00
kaspersky
kaspersky
KLA20121 Multiple vulnerabilities in Microsoft Office
2022-12-13 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - December 2022
2022-12-13 21:24:06