CVE-2021-28456

Description

Microsoft Excel Information Disclosure Vulnerability

Risk Information

Base Score

5.4

MODERATE

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

EPSS Score

Exploitation Probability

17.031

Associated Vulnerability

Vulnerability	OS Platform
Microsoft Office Remote Code Execution Vulnerability for Microsoft Excel 2010 (KB3017810) 64-Bit Edition	Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Excel 2010 (KB3017810) 32-Bit Edition	Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Excel 2016 (KB4504721) 64-Bit Edition	Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Excel 2016 (KB4504721) 32-Bit Edition	Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Excel 2013 (KB4504735) 32-Bit Edition	Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Excel 2013 (KB4504735) 64-Bit Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office Web Apps Server 2013 (KB4504729)	Windows
Microsoft Office Remote Code Execution Vulnerability for Office 2019 for x86 1808 of version(10373.20050)	Windows
Microsoft Office Remote Code Execution Vulnerability for Office 2019 x64 1808 (Build:10373.20050)	Windows
Microsoft Office Remote Code Execution Vulnerability for Office 2019 for x64 1808 of version(10373.20050)	Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2008 of version(13127.21506)	Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2008 of version(13127.21506)	Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x64 2008 of version(13127.21506)	Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x86 2008 of version(13127.21506)	Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 2008 (Build 13127.21506) (Online Installer)	Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2102 of version(13801.20506)	Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2102 of version(13801.20506)	Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Targeted Channel Version 2102 (Build 13801.20506) (Online Installer)	Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Current Channel for x64 2103 of version(13901.20400)	Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Current Channel for x86 2103 of version(13901.20400)	Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Current Channel for x64 2103 of version(13901.20400)	Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Current Channel for x86 2103 of version(13901.20400)	Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Current Channel Version 2103 (Build 13901.20400)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-31226	Security Update for Microsoft Excel 2010 (KB3017810) 64-Bit Edition
PATCH-31227	Security Update for Microsoft Excel 2010 (KB3017810) 32-Bit Edition
PATCH-31230	Security Update for Microsoft Excel 2016 (KB4504721) 64-Bit Edition
PATCH-31231	Security Update for Microsoft Excel 2016 (KB4504721) 32-Bit Edition
PATCH-31228	Security Update for Microsoft Excel 2013 (KB4504735) 32-Bit Edition
PATCH-31229	Security Update for Microsoft Excel 2013 (KB4504735) 64-Bit Edition
PATCH-31244	Security Update for Microsoft Office Web Apps Server 2013 (KB4504729)
PATCH-31275	Update for Office 2019 for x86 1808 of version(10373.20050)
PATCH-31276	Office 2016 Deployment Tool for Office 2019 x64 1808 (Build:10373.20050)
PATCH-31277	Update for Office 2019 for x64 1808 of version(10373.20050)
PATCH-31279	Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2008 of version(13127.21506)
PATCH-31281	Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2008 of version(13127.21506)
PATCH-31283	Update for Microsoft 365 Apps for Business Semi Annual Channel for x64 2008 of version(13127.21506)
PATCH-31285	Update for Microsoft 365 Apps for Business Semi Annual Channel for x86 2008 of version(13127.21506)
PATCH-31291	Update for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 2008 (Build 13127.21506) (Online Installer)
PATCH-31287	Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2102 of version(13801.20506)
PATCH-31289	Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2102 of version(13801.20506)
PATCH-31292	Update for Microsoft 365 Apps for Enterprise Targeted Channel Version 2102 (Build 13801.20506) (Online Installer)
PATCH-31267	Update for Microsoft 365 Apps for Enterprise Current Channel for x64 2103 of version(13901.20400)
PATCH-31269	Update for Microsoft 365 Apps for Enterprise Current Channel for x86 2103 of version(13901.20400)
PATCH-31271	Update for Microsoft 365 Apps for Business Current Channel for x64 2103 of version(13901.20400)
PATCH-31273	Update for Microsoft 365 Apps for Business Current Channel for x86 2103 of version(13901.20400)
PATCH-31290	Update for Microsoft 365 Apps for Enterprise Current Channel Version 2103 (Build 13901.20400)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234