Microsoft Word Remote Code Execution Vulnerability CVE-2023-21716

Proof of Concept (PoC) code released for remote code execution vulnerability CVE-2023-21716 in Microsoft Word

Threat ID:: CC-4276
Threat Severity:: Medium
Published:: 9 March 2023 12:24 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Proof of Concept (PoC) code released for remote code execution vulnerability CVE-2023-21716 in Microsoft Word

Affected platforms

The following platforms are known to be affected:

Microsoft 365 Apps for enterprise

Affected Microsoft 365 Apps for Enterprise products:

365 Apps for Enterprise for 32-bit Systems
365 Apps for Enterprise for 64-bit Systems

Microsoft Office

Affected Microsoft Office products:

Office 2019 for 32-bit editions
Office 2019 for 64-bit editions
Office 2019 for Mac
Office Long-Term Servicing Channel (LTSC) 2021 for 32-bit editions
Office Long-Term Servicing Channel (LTSC) 2021 for 64-bit editions
Office Long-Term Servicing Channel (LTSC) for Mac 2021
Office Online Server
Office Web Apps Server 2013 Service Pack 1

Microsoft SharePoint Server

Affected Microsoft SharePoint products:

SharePoint Enterprise Server 2013 Service Pack 1
SharePoint Enterprise Server 2016
SharePoint Foundation 2013 Service Pack 1
SharePoint Server 2019
SharePoint Server Subscription Edition
SharePoint Server Subscription Edition Language Pack

Versions: Word 2013 - Service Pack 1 (both 32-bit and 64-bit editions) and RT Service Pack 1, Word 2016 - both 32-bit and 64-bit editions

Microsoft Word

Affected Microsoft Word products:

Word 2013 RT Service Pack 1
Word 2013 Service Pack 1 (32-bit editions)
Word 2013 Service Pack 1 (64-bit editions)
Word 2016 (32-bit edition)
Word 2016 (64-bit edition)

Threat details

Introduction

A proof-of-concept (PoC) has been publicly released for a remote code execution (RCE) vulnerability in Microsoft Word, which has a CVSSv3.1 score of 9.8. An unauthenticated, remote attacker could embed malicious code in a crafted rich-text format (RTF) document which, when opened or previewed by a user running vulnerable software, would allow RCE with the privileges of the affected user. An attacker could deliver this file as an email attachment or by other means.

This PoC leads to a crash condition by corrupting the heap but does not allow code execution in its current form. With a properly crafted heap layout, an attacker could potentially cause the heap corruption to yield arbitrary code execution.

Although there is no known exploitation at present, a publicly available PoC can significantly increase the likelihood of exploitation in the wild.

Remediation advice

Affected organisations are highly encouraged to read the advisory for Microsoft Word Remote Code Execution Vulnerability CVE-2023-21716 and apply necessary security updates or workarounds.

Definitive source of threat updates

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716

CVE Vulnerabilities

Status Published

CVE-2023-21716

Microsoft Word Remote Code Execution Vulnerability

Last edited: 9 March 2023 12:24 pm