Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

CVE-2023-23399: Microsoft Excel Remote Code Execution Vulnerability

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.

Microsoft Security Response Center
Open in Source
#vulnerability#web#microsoft#rce#Microsoft Office Excel#Security Vulnerability
CVE-2023-23414: Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2023-23416: Windows Cryptographic Services Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** For successful exploitation, a malicious certificate needs to be imported on an affected system. An attacker could upload a certificate to a service that processes or imports certificates, or an attacker could convince an authenticated user to import a certificate on their system.

CVE-2023-23406: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.

CVE-2023-23407: Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2023-24871: Windows Bluetooth Service Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An unauthorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to remote code execution on the Bluetooth component.

CVE-2023-24872: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.

CVE-2023-24876: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

CVE-2023-24867: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

CVE-2023-24907: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.