CVE-2023-21715

Microsoft Publisher Security Feature Bypass Vulnerability

CVSS 7.3 HIGHEPSS 12.1%● KEVCWE-863

In short

Microsoft Publisher has a security feature bypass vulnerability that allows an attacker to circumvent built-in protections. An attacker could exploit this by tricking a user into opening a specially crafted file, potentially leading to unauthorized code execution.

Technical detail

CWE-863 (Incorrect Authorization) vulnerability in Microsoft Publisher enables an attacker to bypass security features through a crafted file. The attack requires user interaction (file opening) and can result in code execution with the privileges of the affected user.

Summary generated and translated by AI from the official description.

Microsoft Publisher Security Feature Bypass Vulnerability

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Affected products

Microsoft · Microsoft 365 Apps for Enterprise

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21715 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21715