Vulnerability Details : CVE-2023-36761

Microsoft Word Information Disclosure Vulnerability

Vulnerability category: Information leak

Published 2023-09-12 17:15:12

Updated 2023-09-14 22:42:37

View at NVD, CVE.org

CVE-2023-36761 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

Microsoft Word Information Disclosure Vulnerability

CISA required action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA description:

Microsoft Word contains an unspecified vulnerability that allows for information disclosure.

Notes:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761

Added on 2023-09-12 Action due date 2023-10-03

Exploit prediction scoring system (EPSS) score for CVE-2023-36761

Probability of exploitation activity in the next 30 days: 57.13%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
6.2	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	2.5	3.6	[email protected]
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Assigned by: [email protected] (Primary)

Microsoft » Office » Version: 2019 For X64
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*
Matching versions
Microsoft » Office » Version: 2019 For X86
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*
Matching versions
Microsoft » Word » Version: 2013 Update SP1 RT Edition
cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*
Matching versions
Microsoft » Word » Version: 2013 Update SP1 For X86
cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:x86:*
Matching versions
Microsoft » Word » Version: 2013 Update SP1 For X64
cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:x64:*
Matching versions
Microsoft » 365 Apps » Version: N/A Enterprise Edition For X64
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*
Matching versions
Microsoft » 365 Apps » Version: N/A Enterprise Edition For X86
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*
Matching versions
Microsoft » Office Long Term Servicing Channel » Version: 2021 For X86
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*
Matching versions
Microsoft » Office Long Term Servicing Channel » Version: 2021 For X64
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*
Matching versions