Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2023-33131: Microsoft Outlook Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** Exploitation of the vulnerability requires that a user open a specially crafted file. * In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. * In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

Microsoft Security Response Center
#vulnerability#web#microsoft#rce#Microsoft Office Outlook#Security Vulnerability
CVE-2023-33130: Microsoft SharePoint Server Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

CVE-2023-33129: Microsoft SharePoint Denial of Service Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** The attacker must be authenticated to the target site, with the permission to use Manage Lists within SharePoint.

CVE-2023-33140: Microsoft OneNote Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft OneNote and then click on a specially crafted URL to be compromised by the attacker.

CVE-2023-27911: AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior

**Why is this AutoDesk CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in AutoDesk software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

CVE-2023-27910: AutoDesk: CVE-2023-27910 stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior

**Why is this AutoDesk CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in AutoDesk software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

CVE-2023-27909: AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior

**Why is this AutoDesk CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in AutoDesk software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

CVE-2023-33133: Microsoft Excel Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.

CVE-2023-29360: Microsoft Streaming Service Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-29357: Microsoft SharePoint Server Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could gain administrator privileges.