Home

CVE-2021-40486

Description

Microsoft Word Remote Code Execution Vulnerability

Risk Information

Base Score
7.7
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
4.235

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Excel Information Disclosure Vulnerability for Microsoft Office Web Apps Server 2013 (KB5002036)Windows
Microsoft SharePoint Server Information Disclosure Vulnerability for Microsoft SharePoint Server 2019 Core (KB5002028)Windows
Microsoft SharePoint Server Spoofing Vulnerability for Microsoft SharePoint Enterprise Server 2016 (KB5002029)Windows
Microsoft Word Remote Code Execution Vulnerability for Microsoft SharePoint Enterprise Server 2013 (KB5001924)Windows
Microsoft Word Remote Code Execution Vulnerability for Microsoft Word 2013 (KB5001960) 32-Bit EditionWindows
Microsoft Word Remote Code Execution Vulnerability for Microsoft Word 2013 (KB5001960) 64-Bit EditionWindows
Microsoft Word Remote Code Execution Vulnerability for Microsoft Word 2016 (KB5002004) 32-Bit EditionWindows
Microsoft Word Remote Code Execution Vulnerability for Microsoft Word 2016 (KB5002004) 64-Bit EditionWindows
Microsoft Word Remote Code Execution Vulnerability for Microsoft SharePoint Enterprise Server 2016 (KB5002006)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Office 2019 for x86 1808 of version(10379.20043)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Office 2019 for x64 1808 of version(10379.20043)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Office 2019 for 1808 of Volume License Version (10379.20043) (Online Installer)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2102 of version(13801.21004)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2102 of version(13801.21004)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x64 2102 of version(13801.21004)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x86 2102 of version(13801.21004)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 2102 (Build 13801.21004) (Online Installer)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2108 of version(14326.20508)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2108 of version(14326.20508)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Enterprise Targeted Channel Version 2108 (Build 14326.20508) (Online Installer)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Enterprise Current Channel for x64 2109 of version(14430.20298)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Enterprise Current Channel for x86 2109 of version(14430.20298)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Business Current Channel for x64 2109 of version(14430.20298)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Business Current Channel for x86 2109 of version(14430.20298)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Microsoft 365 Apps for Enterprise Current Channel Version 2109 (Build 14430.20298) (Online Installer)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Office 2019 for 2109 Retail Version (14430.20298) (Online Installer)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Office 2019 for x64 2109 Retail Version (14430.20298)Windows
Rich Text Edit Control Information Disclosure Vulnerability for Office 2019 for x86 2109 Retail Version (14430.20298)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-32251Security Update for Microsoft Office Web Apps Server 2013 (KB5002036)
PATCH-32274Security Update for Microsoft SharePoint Enterprise Server 2016 (KB5002029)
PATCH-32266Security Update for Microsoft SharePoint Enterprise Server 2013 (KB5001924)
PATCH-32262Security Update for Microsoft Word 2013 (KB5001960) 32-Bit Edition
PATCH-32263Security Update for Microsoft Word 2013 (KB5001960) 64-Bit Edition
PATCH-32264Security Update for Microsoft Word 2016 (KB5002004) 32-Bit Edition
PATCH-32265Security Update for Microsoft Word 2016 (KB5002004) 64-Bit Edition
PATCH-32273Security Update for Microsoft SharePoint Enterprise Server 2016 (KB5002006)
PATCH-32285Update for Office 2019 for x86 1808 of version(10379.20043)
PATCH-32287Update for Office 2019 for x64 1808 of version(10379.20043)
PATCH-32300Update for Office 2019 for 1808 of Volume License Version (10379.20043) (Online Installer)
PATCH-32289Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2102 of version(13801.21004)
PATCH-32291Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2102 of version(13801.21004)
PATCH-32293Update for Microsoft 365 Apps for Business Semi Annual Channel for x64 2102 of version(13801.21004)
PATCH-32295Update for Microsoft 365 Apps for Business Semi Annual Channel for x86 2102 of version(13801.21004)
PATCH-32302Update for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 2102 (Build 13801.21004) (Online Installer)
PATCH-32297Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2108 of version(14326.20508)
PATCH-32299Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2108 of version(14326.20508)
PATCH-32301Update for Microsoft 365 Apps for Enterprise Targeted Channel Version 2108 (Build 14326.20508) (Online Installer)
PATCH-32277Update for Microsoft 365 Apps for Enterprise Current Channel for x64 2109 of version(14430.20298)
PATCH-32279Update for Microsoft 365 Apps for Enterprise Current Channel for x86 2109 of version(14430.20298)
PATCH-32281Update for Microsoft 365 Apps for Business Current Channel for x64 2109 of version(14430.20298)
PATCH-32283Update for Microsoft 365 Apps for Business Current Channel for x86 2109 of version(14430.20298)
PATCH-32303Update for Microsoft 365 Apps for Enterprise Current Channel Version 2109 (Build 14430.20298) (Online Installer)
PATCH-32309Update for Office 2019 for 2109 Retail Version (14430.20298) (Online Installer)
PATCH-32311Update for Office 2019 for x64 2109 Retail Version (14430.20298)
PATCH-32313Update for Office 2019 for x86 2109 Retail Version (14430.20298)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234