CVE-2023-21716: Microsoft Word Remote Code Execution Vulnerability

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

ITW

Exploited in the wild

Microsoft Word Remote Code Execution Vulnerability

Affected

39 ranges· showing 25

Vendor	Product	Version range	Fixed in
microsoft	microsoft_365_apps_for_enterprise	>= 16.0.1 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	microsoft_office_2019	>= 19.0.0 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	microsoft_office_2019_for_mac	>= 16.0.0 < 16.70.23021201	16.70.23021201
microsoft	microsoft_office_ltsc_2021	>= 16.0.1 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	microsoft_office_ltsc_for_mac_2021	>= 16.0.1 < 16.70.23021201	16.70.23021201
microsoft	microsoft_office_online_server	>= 16.0.1 < 16.0.10395.20001	16.0.10395.20001
microsoft	microsoft_office_web_apps_server_2013_service_pack_1	>= 15.0.1 < 15.0.5529.1000	15.0.5529.1000
microsoft	microsoft_sharepoint_enterprise_server_2013_service_pack_1	>= 15.0.0 < 15.0.5529.1000	15.0.5529.1000
microsoft	microsoft_sharepoint_enterprise_server_2016	>= 16.0.0 < 16.0.5383.1000	16.0.5383.1000
microsoft	microsoft_sharepoint_foundation_2013_service_pack_1	>= 15.0.0 < 15.0.5529.1000	15.0.5529.1000
microsoft	microsoft_sharepoint_server_2019	>= 16.0.0 < 16.0.10395.20001	16.0.10395.20001
microsoft	microsoft_sharepoint_server_subscription_edition	>= 16.0.0 < 16.0.15601.20478	16.0.15601.20478
microsoft	microsoft_word_2013_service_pack_1	>= 15.0.1 < 15.0.5529.1000	15.0.5529.1000
microsoft	microsoft_word_2016	>= 16.0.1 < 16.0.5383.1000	16.0.5383.1000
microsoft	office	—	—
microsoft	office_long_term_servicing_channel	—	—
microsoft	office_online_server	—	—
microsoft	office_web_apps	—	—
microsoft	sharepoint_enterprise_server	—	—
microsoft	sharepoint_enterprise_server	—	—
microsoft	sharepoint_foundation	—	—
microsoft	sharepoint_server	—	—
microsoft	sharepoint_server_subscription_edition_language_pack	>= 16.0.0 < 16.0.15601.20478	16.0.15601.20478
microsoft	word	—	—
msrc	microsoft_365_apps	—	—

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

vulncheck9.8CRITICAL