Headline
CVE-2023-33150: Microsoft Office Security Feature Bypass Vulnerability
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires the victim to open a specially crafted file and click through Office Security Prompt(s). An attacker would have no way to force users to open the file.,
- In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
- In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.