CVE-2022-26901

Description

Microsoft Excel Remote Code Execution Vulnerability

Risk Information

Base Score

7.7

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

Exploitation Probability

0.994

Associated Vulnerability

Vulnerability	OS Platform
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office 2016 (KB5002143) 64-Bit Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office 2016 (KB5002143) 32-Bit Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office 2013 (KB5002148) 64-Bit Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office 2013 (KB5002148) 32-Bit Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office Web Apps Server 2013 (KB5002169)	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Excel 2013 (KB5002175) 32-Bit Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Excel 2013 (KB5002175) 64-Bit Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Excel 2016 (KB5002177) 64-Bit Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Excel 2016 (KB5002177) 32-Bit Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2019 for x64 1808 of volume version(10385.20027)	Windows
Update for Office 2019 for x64 1808 of volume version(10385.20027) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2019 for x86 1808 of volume version(10385.20027)	Windows
Update for Office 2019 for x86 1808 of volume version(10385.20027) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2019 for x86 1808 of version(10385.20027)	Windows
Update for Office 2019 for x86 1808 of version(10385.20027) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2019 for x64 1808 of version(10385.20027)	Windows
Update for Office 2019 for x64 1808 of version(10385.20027) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2019 for 1808 of Volume License Version (10385.20027) (Online Installer)	Windows
Update for Office 2019 for 1808 of Volume License Version (10385.20027) (Online Installer) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x64 2108 of version(14326.20910)	Windows
Update for Microsoft 365 Apps for Business Semi Annual Channel for x64 2108 of version(14326.20910) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x86 2108 of version(14326.20910)	Windows
Update for Microsoft 365 Apps for Business Semi Annual Channel for x86 2108 of version(14326.20910) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2108 of version(14326.20910)	Windows
Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2108 of version(14326.20910) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2108 of version(14326.20910)	Windows
Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2108 of version(14326.20910) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2108 of version(14326.20910)	Windows
Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2108 of version(14326.20910) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2108 of version(14326.20910)	Windows
Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2108 of version(14326.20910) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x64 2108 of version(14326.20910)	Windows
Update for Microsoft 365 Apps for Business Semi Annual Channel for x64 2108 of version(14326.20910) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Semi Annual Channel for x86 2108 of version(14326.20910)	Windows
Update for Microsoft 365 Apps for Business Semi Annual Channel for x86 2108 of version(14326.20910) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 2108 (Build 14326.20910) (Online Installer)	Windows
Update for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 2108 (Build 14326.20910) (Online Installer) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2021 for x64 2108 of volume version(14332.20281)	Windows
Update for Office 2021 for x64 2108 of volume version(14332.20281) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2021 for x86 2108 of volume version(14332.20281)	Windows
Update for Office 2021 for x86 2108 of volume version(14332.20281) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Monthly Enterprise Channel for x64 2202 of version(14931.20274)	Windows
Update for Microsoft 365 Apps for Monthly Enterprise Channel for x64 2202 of version(14931.20274) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Monthly Enterprise Channel for x86 version 2202 (14931.20274)	Windows
Update for Microsoft 365 Apps for Monthly Enterprise Channel for x86 version 2202 (14931.20274) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Preview Channel for x64 2202 of version(14931.20274)	Windows
Update for Microsoft 365 Apps for Enterprise Semi Annual Preview Channel for x64 2202 of version(14931.20274) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Preview Channel for x86 2202 of version(14931.20274)	Windows
Update for Microsoft 365 Apps for Enterprise Semi Annual Preview Channel for x86 2202 of version(14931.20274) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2202 of version(14931.20274)	Windows
Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2202 of version(14931.20274) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2202 of version(14931.20274)	Windows
Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2202 of version(14931.20274) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Targeted Channel Version 2202 (Build 14931.20274) (Online Installer)	Windows
Update for Microsoft 365 Apps for Enterprise Targeted Channel Version 2202 (Build 14931.20274) (Online Installer) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Current Channel for x64 2203 of version(15028.20204)	Windows
Update for Microsoft 365 Apps for Business Current Channel for x64 2203 of version(15028.20204) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Current Channel for x86 2203 of version(15028.20204)	Windows
Update for Microsoft 365 Apps for Business Current Channel for x86 2203 of version(15028.20204) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Current Channel for x64 2203 of version(15028.20204)	Windows
Update for Microsoft 365 Apps for Enterprise Current Channel for x64 2203 of version(15028.20204) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Current Channel for x86 2203 of version(15028.20204)	Windows
Update for Microsoft 365 Apps for Enterprise Current Channel for x86 2203 of version(15028.20204) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2019 for x64 2203 Retail Version (15028.20204)	Windows
Update for Office 2019 for x64 2203 Retail Version (15028.20204) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2019 for x86 2203 Retail Version (15028.20204)	Windows
Update for Office 2019 for x86 2203 Retail Version (15028.20204) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2021 for x64 2203 of Retail Version(15028.20204)	Windows
Update for Office 2021 for x64 2203 of Retail Version(15028.20204) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Office 2021 for x86 2203 of Retail Version(15028.20204)	Windows
Update for Office 2021 for x86 2203 of Retail Version(15028.20204) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Current Channel for x64 2203 of version(15028.20204)	Windows
Update for Microsoft 365 Apps for Enterprise Current Channel for x64 2203 of version(15028.20204) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise Current Channel for x86 2203 of version(15028.20204)	Windows
Update for Microsoft 365 Apps for Enterprise Current Channel for x86 2203 of version(15028.20204) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Current Channel for x64 2203 of version(15028.20204)	Windows
Update for Microsoft 365 Apps for Business Current Channel for x64 2203 of version(15028.20204) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Business Current Channel for x86 2203 of version(15028.20204)	Windows
Update for Microsoft 365 Apps for Business Current Channel for x86 2203 of version(15028.20204) For Home Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft 365 Apps for Enterprise and Business Current Channel Version 2203 (Build 15028.20204) (Online Installer)	Windows
Update for Microsoft 365 Apps for Enterprise and Business Current Channel Version 2203 (Build 15028.20204) (Online Installer) For Home Edition	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-33517	Security Update for Microsoft Office 2016 (KB5002143) 64-Bit Edition
PATCH-33518	Security Update for Microsoft Office 2016 (KB5002143) 32-Bit Edition
PATCH-33513	Security Update for Microsoft Office 2013 (KB5002148) 64-Bit Edition
PATCH-33514	Security Update for Microsoft Office 2013 (KB5002148) 32-Bit Edition
PATCH-33512	Security Update for Microsoft Office Web Apps Server 2013 (KB5002169)
PATCH-33515	Security Update for Microsoft Excel 2013 (KB5002175) 32-Bit Edition
PATCH-33516	Security Update for Microsoft Excel 2013 (KB5002175) 64-Bit Edition
PATCH-33519	Security Update for Microsoft Excel 2016 (KB5002177) 64-Bit Edition
PATCH-33520	Security Update for Microsoft Excel 2016 (KB5002177) 32-Bit Edition
PATCH-33549	Update for Office 2019 for x64 1808 of volume version(10385.20027)
PATCH-33551	Update for Office 2019 for x86 1808 of volume version(10385.20027)
PATCH-33573	Update for Office 2019 for x86 1808 of version(10385.20027)
PATCH-33575	Update for Office 2019 for x64 1808 of version(10385.20027)
PATCH-33588	Update for Office 2019 for 1808 of Volume License Version (10385.20027) (Online Installer)
PATCH-33537	Update for Microsoft 365 Apps for Business Semi Annual Channel for x64 2108 of version(14326.20910)
PATCH-33539	Update for Microsoft 365 Apps for Business Semi Annual Channel for x86 2108 of version(14326.20910)
PATCH-33541	Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2108 of version(14326.20910)
PATCH-33543	Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2108 of version(14326.20910)
PATCH-33581	Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2108 of version(14326.20910)
PATCH-33583	Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2108 of version(14326.20910)
PATCH-33585	Update for Microsoft 365 Apps for Business Semi Annual Channel for x64 2108 of version(14326.20910)
PATCH-33587	Update for Microsoft 365 Apps for Business Semi Annual Channel for x86 2108 of version(14326.20910)
PATCH-33589	Update for Microsoft 365 Apps for Enterprise Semi-Annual Channel Version 2108 (Build 14326.20910) (Online Installer)
PATCH-33557	Update for Office 2021 for x64 2108 of volume version(14332.20281)
PATCH-33559	Update for Office 2021 for x86 2108 of volume version(14332.20281)
PATCH-33533	Update for Microsoft 365 Apps for Monthly Enterprise Channel for x64 2202 of version(14931.20274)
PATCH-33535	Update for Microsoft 365 Apps for Monthly Enterprise Channel for x86 version 2202 (14931.20274)
PATCH-33545	Update for Microsoft 365 Apps for Enterprise Semi Annual Preview Channel for x64 2202 of version(14931.20274)
PATCH-33547	Update for Microsoft 365 Apps for Enterprise Semi Annual Preview Channel for x86 2202 of version(14931.20274)
PATCH-33577	Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x64 2202 of version(14931.20274)
PATCH-33579	Update for Microsoft 365 Apps for Enterprise Semi Annual Targeted Channel for x86 2202 of version(14931.20274)
PATCH-33590	Update for Microsoft 365 Apps for Enterprise Targeted Channel Version 2202 (Build 14931.20274) (Online Installer)
PATCH-33525	Update for Microsoft 365 Apps for Business Current Channel for x64 2203 of version(15028.20204)
PATCH-33527	Update for Microsoft 365 Apps for Business Current Channel for x86 2203 of version(15028.20204)
PATCH-33529	Update for Microsoft 365 Apps for Enterprise Current Channel for x64 2203 of version(15028.20204)
PATCH-33531	Update for Microsoft 365 Apps for Enterprise Current Channel for x86 2203 of version(15028.20204)
PATCH-33553	Update for Office 2019 for x64 2203 Retail Version (15028.20204)
PATCH-33555	Update for Office 2019 for x86 2203 Retail Version (15028.20204)
PATCH-33561	Update for Office 2021 for x64 2203 of Retail Version(15028.20204)
PATCH-33563	Update for Office 2021 for x86 2203 of Retail Version(15028.20204)
PATCH-33565	Update for Microsoft 365 Apps for Enterprise Current Channel for x64 2203 of version(15028.20204)
PATCH-33567	Update for Microsoft 365 Apps for Enterprise Current Channel for x86 2203 of version(15028.20204)
PATCH-33569	Update for Microsoft 365 Apps for Business Current Channel for x64 2203 of version(15028.20204)
PATCH-33571	Update for Microsoft 365 Apps for Business Current Channel for x86 2203 of version(15028.20204)
PATCH-33591	Update for Microsoft 365 Apps for Enterprise and Business Current Channel Version 2203 (Build 15028.20204) (Online Installer)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234