CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2023-33148 – Microsoft Office Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-33148
Microsoft Office Elevation of Privilege Vulnerability Microsoft Office 365 version 18.2305.1222.0 suffers from a remote code execution vulnerability when a malicious link is clicked on in a Word file. • https://www.exploit-db.com/exploits/51609 http://packetstormsecurity.com/files/173591/Microsoft-Office-365-18.2305.1222.0-Remote-Code-Execution.html https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33148 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2023-33137 – Microsoft Excel Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-33137
Microsoft Excel Remote Code Execution Vulnerability Microsoft Excel and Microsoft 365 MSO version 2305 build 16.0.16501.20074 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/51555 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33137 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2023-23399 – Microsoft Excel Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-23399
Microsoft Excel Remote Code Execution Vulnerability Microsoft Excel 365 MSO version 2302 build 16.0.16130.20186 64-bit suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/51328 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23399 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-38048 – Microsoft Office Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-38048
Microsoft Office Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft Office This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOCX files. Crafted data in a DOCX file can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38048 •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-37962 – Microsoft PowerPoint Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-37962
Microsoft PowerPoint Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft PowerPoint This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PPTX files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37962 •