CVE-2021-28453
Description
Microsoft Word Remote Code Execution Vulnerability
Risk Information
Base Score
7.7
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
6.487
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Microsoft SharePoint Denial of Service Update for Microsoft SharePoint Server 2019 Core (KB4504716) | Windows |
| Microsoft SharePoint Denial of Service Update for Microsoft SharePoint Enterprise Server 2016 (KB4504719) | Windows |
| Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office Web Apps Server 2013 (KB4504729) | Windows |
| Microsoft Word Remote Code Execution Vulnerability for Microsoft Word 2016 (KB4493198) 32-Bit Edition | Windows |
| Microsoft Word Remote Code Execution Vulnerability for Microsoft Word 2016 (KB4493198) 64-Bit Edition | Windows |
| Microsoft Word Remote Code Execution Vulnerability for Microsoft SharePoint Enterprise Server 2013 (KB4493201) | Windows |
| Microsoft Word Remote Code Execution Vulnerability for Microsoft Word 2013 (KB4493208) 32-Bit Edition | Windows |
| Microsoft Word Remote Code Execution Vulnerability for Microsoft Word 2013 (KB4493208) 64-Bit Edition | Windows |
| Microsoft Word Remote Code Execution Vulnerability for Microsoft Word 2010 (KB4493218) 32-Bit Edition | Windows |
| Microsoft Word Remote Code Execution Vulnerability for Microsoft Word 2010 (KB4493218) 64-Bit Edition | Windows |
| Microsoft Word Remote Code Execution Vulnerability for Microsoft SharePoint Server 2010 (KB4504701) | Windows |
| Microsoft Word Remote Code Execution Vulnerability for Microsoft Web Applications (KB4504705) | Windows |
| Microsoft Word Remote Code Execution Vulnerability for Microsoft SharePoint Server 2019 Language Pack (KB4504715) | Windows |
| Microsoft Word Remote Code Execution Vulnerability for Microsoft SharePoint Enterprise Server 2016 (KB4504723) | Windows |
| Microsoft Word Remote Code Execution Vulnerability for Microsoft Office 2010 (KB4493215) 32-Bit Edition | Windows |
| Microsoft Word Remote Code Execution Vulnerability for Microsoft Office 2010 (KB4493215) 64-Bit Edition | Windows |
| Microsoft Office Remote Code Execution Vulnerability for Office 2019 for x86 1808 of version(10373.20050) | Windows |
| Microsoft Office Remote Code Execution Vulnerability for Office 2019 x64 1808 (Build:10373.20050) | Windows |
| Microsoft Office Remote Code Execution Vulnerability for Office 2019 for x64 1808 of version(10373.20050) | Windows |
| Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2008 of version(13127.21506) | Windows |
| Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2008 of version(13127.21506) | Windows |
| Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x64 2008 of version(13127.21506) | Windows |
| Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x86 2008 of version(13127.21506) | Windows |
| Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 2008 (Build 13127.21506) (Online Installer) | Windows |
| Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2102 of version(13801.20506) | Windows |
| Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2102 of version(13801.20506) | Windows |
| Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Targeted Channel Version 2102 (Build 13801.20506) (Online Installer) | Windows |
| Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Current Channel for x64 2103 of version(13901.20400) | Windows |
| Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Current Channel for x86 2103 of version(13901.20400) | Windows |
| Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Current Channel for x64 2103 of version(13901.20400) | Windows |
| Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Current Channel for x86 2103 of version(13901.20400) | Windows |
| Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Current Channel Version 2103 (Build 13901.20400) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-31262 | Security Update for Microsoft SharePoint Enterprise Server 2016 (KB4504719) |
| PATCH-31244 | Security Update for Microsoft Office Web Apps Server 2013 (KB4504729) |
| PATCH-31260 | Security Update for Microsoft Word 2016 (KB4493198) 32-Bit Edition |
| PATCH-31261 | Security Update for Microsoft Word 2016 (KB4493198) 64-Bit Edition |
| PATCH-31252 | Security Update for Microsoft SharePoint Enterprise Server 2013 (KB4493201) |
| PATCH-31258 | Security Update for Microsoft Word 2013 (KB4493208) 32-Bit Edition |
| PATCH-31259 | Security Update for Microsoft Word 2013 (KB4493208) 64-Bit Edition |
| PATCH-31265 | Security Update for Microsoft SharePoint Server 2019 Language Pack (KB4504715) |
| PATCH-31263 | Security Update for Microsoft SharePoint Enterprise Server 2016 (KB4504723) |
| PATCH-31299 | Security Update for Microsoft Office 2010 (KB4493215) 32-Bit Edition |
| PATCH-31300 | Security Update for Microsoft Office 2010 (KB4493215) 64-Bit Edition |
| PATCH-31275 | Update for Office 2019 for x86 1808 of version(10373.20050) |
| PATCH-31276 | Office 2016 Deployment Tool for Office 2019 x64 1808 (Build:10373.20050) |
| PATCH-31277 | Update for Office 2019 for x64 1808 of version(10373.20050) |
| PATCH-31279 | Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2008 of version(13127.21506) |
| PATCH-31281 | Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2008 of version(13127.21506) |
| PATCH-31283 | Update for Microsoft 365 Apps for Business Semi Annual Channel for x64 2008 of version(13127.21506) |
| PATCH-31285 | Update for Microsoft 365 Apps for Business Semi Annual Channel for x86 2008 of version(13127.21506) |
| PATCH-31291 | Update for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 2008 (Build 13127.21506) (Online Installer) |
| PATCH-31287 | Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2102 of version(13801.20506) |
| PATCH-31289 | Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2102 of version(13801.20506) |
| PATCH-31292 | Update for Microsoft 365 Apps for Enterprise Targeted Channel Version 2102 (Build 13801.20506) (Online Installer) |
| PATCH-31267 | Update for Microsoft 365 Apps for Enterprise Current Channel for x64 2103 of version(13901.20400) |
| PATCH-31269 | Update for Microsoft 365 Apps for Enterprise Current Channel for x86 2103 of version(13901.20400) |
| PATCH-31271 | Update for Microsoft 365 Apps for Business Current Channel for x64 2103 of version(13901.20400) |
| PATCH-31273 | Update for Microsoft 365 Apps for Business Current Channel for x86 2103 of version(13901.20400) |
| PATCH-31290 | Update for Microsoft 365 Apps for Enterprise Current Channel Version 2103 (Build 13901.20400) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234