Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2023-24884: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.

Microsoft Security Response Center
Open in Source
#vulnerability#web#microsoft#rce#auth#Microsoft Printer Drivers#Security Vulnerability
CVE-2023-24925: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.

CVE-2023-24929: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.

CVE-2023-24886: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.

CVE-2023-24926: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.

CVE-2023-28314: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker would have to send the victim a malicious file that the victim would have to execute.

CVE-2023-28295: Microsoft Publisher Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** A user needs to be tricked into running malicious files.

CVE-2023-28288: Microsoft SharePoint Server Spoofing Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** The attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability.

CVE-2023-28313: Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2023-28309: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.