Home

CVE-2021-40473

Description

Microsoft Excel Remote Code Execution Vulnerability

Risk Information

Base Score
7.7
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
4.005

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office 2016 (KB5001982) 32-Bit EditionWindows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office 2016 (KB5001982) 64-Bit EditionWindows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office 2013 (KB5001985) 64-Bit EditionWindows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office 2013 (KB5001985) 32-Bit EditionWindows
Rich Text Edit Control Information Disclosure Vulnerability for Office 2019 for x86 1808 of version(10379.20043)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Office 2019 for x64 1808 of version(10379.20043)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Office 2019 for 1808 of Volume License Version (10379.20043) (Online Installer)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2102 of version(13801.21004)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2102 of version(13801.21004)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x64 2102 of version(13801.21004)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x86 2102 of version(13801.21004)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 2102 (Build 13801.21004) (Online Installer)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2108 of version(14326.20508)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2108 of version(14326.20508)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Enterprise Targeted Channel Version 2108 (Build 14326.20508) (Online Installer)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Enterprise Current Channel for x64 2109 of version(14430.20298)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Enterprise Current Channel for x86 2109 of version(14430.20298)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Business Current Channel for x64 2109 of version(14430.20298)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Business Current Channel for x86 2109 of version(14430.20298)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Enterprise Current Channel Version 2109 (Build 14430.20298) (Online Installer)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Office 2019 for 2109 Retail Version (14430.20298) (Online Installer)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Office 2019 for x64 2109 Retail Version (14430.20298)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Office 2019 for x86 2109 Retail Version (14430.20298)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-32258Security Update for Microsoft Office 2016 (KB5001982) 32-Bit Edition
PATCH-32259Security Update for Microsoft Office 2016 (KB5001982) 64-Bit Edition
PATCH-32256Security Update for Microsoft Office 2013 (KB5001985) 64-Bit Edition
PATCH-32257Security Update for Microsoft Office 2013 (KB5001985) 32-Bit Edition
PATCH-32285Update for Office 2019 for x86 1808 of version(10379.20043)
PATCH-32287Update for Office 2019 for x64 1808 of version(10379.20043)
PATCH-32300Update for Office 2019 for 1808 of Volume License Version (10379.20043) (Online Installer)
PATCH-32289Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2102 of version(13801.21004)
PATCH-32291Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2102 of version(13801.21004)
PATCH-32293Update for Microsoft 365 Apps for Business Semi Annual Channel for x64 2102 of version(13801.21004)
PATCH-32295Update for Microsoft 365 Apps for Business Semi Annual Channel for x86 2102 of version(13801.21004)
PATCH-32302Update for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 2102 (Build 13801.21004) (Online Installer)
PATCH-32297Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2108 of version(14326.20508)
PATCH-32299Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2108 of version(14326.20508)
PATCH-32301Update for Microsoft 365 Apps for Enterprise Targeted Channel Version 2108 (Build 14326.20508) (Online Installer)
PATCH-32277Update for Microsoft 365 Apps for Enterprise Current Channel for x64 2109 of version(14430.20298)
PATCH-32279Update for Microsoft 365 Apps for Enterprise Current Channel for x86 2109 of version(14430.20298)
PATCH-32281Update for Microsoft 365 Apps for Business Current Channel for x64 2109 of version(14430.20298)
PATCH-32283Update for Microsoft 365 Apps for Business Current Channel for x86 2109 of version(14430.20298)
PATCH-32303Update for Microsoft 365 Apps for Enterprise Current Channel Version 2109 (Build 14430.20298) (Online Installer)
PATCH-32309Update for Office 2019 for 2109 Retail Version (14430.20298) (Online Installer)
PATCH-32311Update for Office 2019 for x64 2109 Retail Version (14430.20298)
PATCH-32313Update for Office 2019 for x86 2109 Retail Version (14430.20298)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234