2023-07-12 04:00:31 +00:00
{
"id" : "CVE-2023-36884" ,
"sourceIdentifier" : "secure@microsoft.com" ,
"published" : "2023-07-11T19:15:09.623" ,
2023-08-08 20:00:39 +00:00
"lastModified" : "2023-08-08T19:15:10.140" ,
2023-07-31 23:55:29 +00:00
"vulnStatus" : "Modified" ,
2023-07-26 08:00:30 +00:00
"cisaExploitAdd" : "2023-07-17" ,
"cisaActionDue" : "2023-08-07" ,
"cisaRequiredAction" : "Follow \"CVE-2023-36884 Specific Recommendations\" per vendor instructions. [https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/]" ,
"cisaVulnerabilityName" : "Microsoft Office and Windows HTML Remote Code Execution Vulnerability" ,
2023-07-12 04:00:31 +00:00
"descriptions" : [
{
"lang" : "en" ,
2023-08-08 20:00:39 +00:00
"value" : "Windows Search Remote Code Execution Vulnerability"
2023-07-12 04:00:31 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
2023-07-17 22:00:29 +00:00
{
"source" : "secure@microsoft.com" ,
2023-07-26 08:00:30 +00:00
"type" : "Primary" ,
2023-07-12 04:00:31 +00:00
"cvssData" : {
"version" : "3.1" ,
2023-08-08 20:00:39 +00:00
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" ,
2023-07-31 23:55:29 +00:00
"attackVector" : "NETWORK" ,
2023-07-12 04:00:31 +00:00
"attackComplexity" : "HIGH" ,
2023-07-31 23:55:29 +00:00
"privilegesRequired" : "NONE" ,
2023-07-12 04:00:31 +00:00
"userInteraction" : "REQUIRED" ,
2023-08-08 20:00:39 +00:00
"scope" : "UNCHANGED" ,
2023-07-31 23:55:29 +00:00
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
2023-08-08 20:00:39 +00:00
"baseScore" : 7.5 ,
2023-07-31 23:55:29 +00:00
"baseSeverity" : "HIGH"
2023-07-12 04:00:31 +00:00
} ,
2023-07-31 23:55:29 +00:00
"exploitabilityScore" : 1.6 ,
2023-08-08 20:00:39 +00:00
"impactScore" : 5.9
2023-07-26 08:00:30 +00:00
} ,
{
"source" : "nvd@nist.gov" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 8.8 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 5.9
2023-07-12 04:00:31 +00:00
}
]
} ,
2023-07-17 22:00:29 +00:00
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "NVD-CWE-noinfo"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*" ,
"matchCriteriaId" : "CF5DDD09-902E-4881-98D0-CB896333B4AA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*" ,
"matchCriteriaId" : "26A3B226-5D7C-4556-9350-5222DC8EFC2C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x64:*" ,
"matchCriteriaId" : "1AC0C23F-FC55-4DA1-8527-EB4432038FB0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x86:*" ,
"matchCriteriaId" : "A719B461-7869-46D0-9300-D0A348DC26A5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*" ,
"matchCriteriaId" : "32E1400A-836A-4E48-B2CD-2B0A9A8241BA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4DA042D4-B14E-4DDF-8423-DFB255679EFE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*" ,
"matchCriteriaId" : "A045AC0A-471E-444C-B3B0-4CABC23E8CFB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*" ,
"matchCriteriaId" : "28A7FEE9-B473-48A0-B0ED-A5CC1E44194C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*" ,
"matchCriteriaId" : "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*" ,
"matchCriteriaId" : "0A1BC97A-263E-4291-8AEF-02EE4E6031E9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*" ,
"matchCriteriaId" : "73D24713-D897-408D-893B-77A61982597D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*" ,
"matchCriteriaId" : "306B7CE6-8239-4AED-9ED4-4C9F5B349F58"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*" ,
"matchCriteriaId" : "345FCD64-D37B-425B-B64C-8B1640B7E850"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*" ,
"matchCriteriaId" : "8FC46499-DB6E-48BF-9334-85EE27AFE7AF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*" ,
"matchCriteriaId" : "83A79DD6-E74E-419F-93F1-323B68502633"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*" ,
"matchCriteriaId" : "61959ACC-B608-4556-92AF-4D94B338907A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*" ,
"matchCriteriaId" : "A9D54EE6-30AF-411C-A285-A4DCB6C6EC06"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*" ,
"matchCriteriaId" : "C230D3BF-7FCE-405C-B62E-B9190C995C3C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*" ,
"matchCriteriaId" : "1FD62DCB-66D1-4CEA-828E-0BD302AC63CA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:arm64:*" ,
"matchCriteriaId" : "747ED159-1972-4310-AAD1-8E02AFB08826"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:x64:*" ,
"matchCriteriaId" : "62B9100B-206D-4FD1-8D23-A355DCA37460"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*" ,
"matchCriteriaId" : "F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*" ,
"matchCriteriaId" : "0C3552E0-F793-4CDD-965D-457495475805"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*" ,
"matchCriteriaId" : "5F422A8C-2C4E-42C8-B420-E0728037E15C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*" ,
"matchCriteriaId" : "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DB18C4CE-5917-401E-ACF7-2747084FD36E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DB79EE26-FC32-417D-A49C-A1A63165A968"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
}
] ,
2023-07-12 04:00:31 +00:00
"references" : [
2023-08-08 20:00:39 +00:00
{
"url" : "http://seclists.org/fulldisclosure/2023/Jul/43" ,
"source" : "secure@microsoft.com" ,
"tags" : [
"Broken Link" ,
"Mailing List" ,
"Third Party Advisory"
]
} ,
2023-07-12 04:00:31 +00:00
{
"url" : "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884" ,
2023-07-17 22:00:29 +00:00
"source" : "secure@microsoft.com" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
2023-07-12 04:00:31 +00:00
}
]
}
