QID 92038

Date Published: 2023-07-12

QID 92038: Microsoft Office and Windows HTML Remote Code Execution Vulnerability (Zero Day) for July 2023

Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents.

QID Detection Logic (Authenticated):
Detection checks for the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION" and for the following application names added to this key as values of type REG_DWORD with data 1:
Excel.exe
Graph.exe
MSAccess.exe
MSPub.exe
PowerPnt.exe
Visio.exe
WinProj.exe
WinWord.exe
Wordpad.exe
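
The check described above can be reproduced locally. The following PowerShell is an added example, not the scanner's own detection code; it assumes it runs on the Windows host with read access to HKLM, and the function name Test-CrossProtocolBlock is hypothetical. It reports, for each listed application, whether the value exists as REG_DWORD with data 1.

```powershell
# Added example: audits the registry values named in the detection logic above.
# Test-CrossProtocolBlock is a hypothetical helper name, not a built-in cmdlet.
$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION'
$Apps = 'Excel.exe', 'Graph.exe', 'MSAccess.exe', 'MSPub.exe', 'PowerPnt.exe',
        'Visio.exe', 'WinProj.exe', 'WinWord.exe', 'Wordpad.exe'

function Test-CrossProtocolBlock {
    param(
        [string]$Path = $KeyPath,
        [string[]]$Names = $Apps
    )

    # $null when the key itself does not exist
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue

    foreach ($name in $Names) {
        $state = 'KeyMissing'; $kind = $null; $data = $null
        if ($key) {
            # -contains is case-insensitive, matching registry value-name semantics
            if ($key.GetValueNames() -contains $name) {
                $kind = $key.GetValueKind($name)
                $data = $key.GetValue($name)
                if ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $data -eq 1) {
                    $state = 'Set'
                } else {
                    # Value exists but is not REG_DWORD 1 (e.g. REG_SZ "1" or DWORD 0)
                    $state = 'WrongTypeOrData'
                }
            } else {
                $state = 'ValueMissing'
            }
        }
        [pscustomobject]@{ Application = $name; State = $state; Kind = $kind; Data = $data }
    }
}

$results = Test-CrossProtocolBlock
$results | Format-Table -AutoSize

# Summarize every application whose value is absent or not REG_DWORD 1
$gaps = @($results | Where-Object { $_.State -ne 'Set' })
if ($gaps.Count -gt 0) {
    Write-Warning "$($gaps.Count) of $($Apps.Count) values are not set to REG_DWORD 1: $($gaps.Application -join ', ')"
}
```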

An attacker can create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file.

  • CVSS V3 rated as Critical - 8.8 severity.
  • CVSS V2 rated as High - 7.6 severity.
Solution:
There are no vendor-supplied patches available. Refer to vendor advisory CVE-2023-36884 for workarounds and updates.
