Microsoft Visual Studio Tools for Office Runtime Spoofing Vulnerability
CVE-2023-36897 Published on August 8, 2023

Visual Studio Tools for Office Runtime Spoofing Vulnerability
Visual Studio Tools for Office Runtime Spoofing Vulnerability

Vendor Advisory NVD

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Products Associated with CVE-2023-36897

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

Microsoft 365 Apps

Microsoft Office

Microsoft Visual Studio 2022

Microsoft Visual Studio 2017

Microsoft Visual Studio 2019

Microsoft Visual Studio 2010 Tools Office Runtime

Affected Versions

Microsoft Office 2019:

Version 19.0.0 and below https://aka.ms/OfficeSecurityReleases is affected.

Microsoft 365 Apps for Enterprise:

Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.

Microsoft Office LTSC 2021:

Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8):

Version 15.9.0 and below 15.9.56 is affected.

Microsoft Visual Studio 2022 version 17.2:

Version 17.2.0 and below 17.2.18 is affected.

Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10):

Version 16.11.0 and below 16.11.29 is affected.

Microsoft Visual Studio 2022 version 17.4:

Version 17.4.0 and below 17.4.10 is affected.

Microsoft Visual Studio 2022 version 17.6:

Version 17.6.0 and below 17.6.6 is affected.

Microsoft Visual Studio 2010 Tools for Office Runtime:

Version 10.0.0 and below 10.0.60910 is affected.

Exploit Probability

EPSS

0.16%

Percentile

36.43%