CVE-2023-21716: Microsoft Word Remote Code Execution Exploit Explained

As a part of Patch Tuesday, Microsoft released patches for a critical remote code execution vulnerability found in Office Word's RTF parser. CVE-2023-21716 vulnerability has a CVSS score of 9.8 (Critical) and affects a wide variety of Microsoft Office, SharePoint, and 365 Apps versions. Users are advised to update to the latest versions as soon as possible.

Picus Labs added simulations for CVE-2023-21716 vulnerability exploitation attacks to Picus Threat Library. In this blog, we explained the Microsoft Word CVE-2023-21716 remote code execution vulnerability in detail.

What is CVE-2023-21716 Vulnerability?

CVE-2023-21716 vulnerability was privately disclosed to Microsoft in November 2022, and Microsoft addressed the vulnerability in their Patch Tuesday updates on February 14, 2023. The vulnerability is a heap corruption vulnerability found in MS Office Word's RTF parser. When exploited, the vulnerability allows adversaries to execute arbitrary commands with the victim's privileges via malicious RTF files.