{ "id": "CVE-2023-36884", "sourceIdentifier": "secure@microsoft.com", "published": "2023-07-11T19:15:09.623", "lastModified": "2023-08-08T19:15:10.140", "vulnStatus": "Modified", "cisaExploitAdd": "2023-07-17", "cisaActionDue": "2023-08-07", "cisaRequiredAction": "Follow \"CVE-2023-36884 Specific Recommendations\" per vendor instructions. [https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/]", "cisaVulnerabilityName": "Microsoft Office and Windows HTML Remote Code Execution Vulnerability", "descriptions": [ { "lang": "en", "value": "Windows Search Remote Code Execution Vulnerability" } ], "metrics": { "cvssMetricV31": [ { "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 1.6, "impactScore": 5.9 }, { "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*", "matchCriteriaId": "CF5DDD09-902E-4881-98D0-CB896333B4AA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*", "matchCriteriaId": "26A3B226-5D7C-4556-9350-5222DC8EFC2C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x64:*", "matchCriteriaId": "1AC0C23F-FC55-4DA1-8527-EB4432038FB0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x86:*", "matchCriteriaId": "A719B461-7869-46D0-9300-D0A348DC26A5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", "matchCriteriaId": "32E1400A-836A-4E48-B2CD-2B0A9A8241BA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", "matchCriteriaId": "4DA042D4-B14E-4DDF-8423-DFB255679EFE" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*", "matchCriteriaId": "A045AC0A-471E-444C-B3B0-4CABC23E8CFB" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*", "matchCriteriaId": "28A7FEE9-B473-48A0-B0ED-A5CC1E44194C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", "matchCriteriaId": "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", "matchCriteriaId": "0A1BC97A-263E-4291-8AEF-02EE4E6031E9" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*", "matchCriteriaId": "73D24713-D897-408D-893B-77A61982597D" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", "matchCriteriaId": "306B7CE6-8239-4AED-9ED4-4C9F5B349F58" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", "matchCriteriaId": "345FCD64-D37B-425B-B64C-8B1640B7E850" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*", "matchCriteriaId": "8FC46499-DB6E-48BF-9334-85EE27AFE7AF" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*", "matchCriteriaId": "83A79DD6-E74E-419F-93F1-323B68502633" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*", "matchCriteriaId": "61959ACC-B608-4556-92AF-4D94B338907A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*", "matchCriteriaId": "A9D54EE6-30AF-411C-A285-A4DCB6C6EC06" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*", "matchCriteriaId": "C230D3BF-7FCE-405C-B62E-B9190C995C3C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*", "matchCriteriaId": "1FD62DCB-66D1-4CEA-828E-0BD302AC63CA" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:arm64:*", "matchCriteriaId": "747ED159-1972-4310-AAD1-8E02AFB08826" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:x64:*", "matchCriteriaId": "62B9100B-206D-4FD1-8D23-A355DCA37460" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*", "matchCriteriaId": "F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*", "matchCriteriaId": "0C3552E0-F793-4CDD-965D-457495475805" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" } ] } ] } ], "references": [ { "url": "http://seclists.org/fulldisclosure/2023/Jul/43", "source": "secure@microsoft.com", "tags": [ "Broken Link", "Mailing List", "Third Party Advisory" ] }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884", "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ] } ] }