CVE-2023-36761

Microsoft Word Information Disclosure Vulnerability

CVSS 6.5 MEDIUMEPSS 19.0%● KEVCWE-20

In short

Microsoft Word can leak sensitive information from documents when processing specially crafted files, allowing attackers to view data they shouldn't have access to.

Technical detail

An improper input validation vulnerability (CWE-20) in Microsoft Word allows information disclosure through maliciously crafted document files. The attack requires user interaction (document opening) and can expose sensitive content residing in memory or the document structure without requiring elevated privileges.

Summary generated and translated by AI from the official description.

Microsoft Word Information Disclosure Vulnerability

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

Affected products

Microsoft · Microsoft 365 Apps for Enterprise Microsoft · Microsoft Office 2019 Microsoft · Microsoft Office LTSC 2021 Microsoft · Microsoft Word 2013 Service Pack 1 Microsoft · Microsoft Word 2016

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36761