[High Risk] Microsoft Office Visio Remote Code Execution Vulnerability

News 2023-08-19 02:02:59 views: null

Vulnerability description

Microsoft Office Visio is a flowchart and vector drawing tool developed by Microsoft Corporation.

In affected versions of Microsoft Office Visio, an attacker could execute arbitrary code in the context of the application when parsing a maliciously crafted Visio file.

Vulnerability name Microsoft Office Visio Remote Code Execution Vulnerability
Vulnerability type code injection
Discovery time 2023/8/9
Vulnerability Breadth wide
MPS number MPS-9pik-asyn
CVE number CVE-2023-36865
CNVD number -

Sphere of influence

Microsoft Office LTSC 2021@[32-bit editions, 64-bit editions]

Microsoft 365 Apps for Enterprise@[32-bit Systems, 64-bit Systems]

Microsoft Office 2019@[32-bit editions, 64-bit editions]

Repair plan

Do not parse untrusted files with Microsoft Office Visio

reference link

https://www.oscs1024.com/hd/MPS-9pik-asyn

https://nvd.nist.gov/vuln/detail/CVE-2023-36865

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36865

About Murphy Security

Murphy Security is a technology company that provides you with professional software supply chain security management. The core team comes from Baidu, Huawei, Wuyun and other enterprises. The company provides customers with a complete software supply chain security management platform, and provides software with a full life cycle around SBOM Security management, platform capabilities include software component analysis, source security management, container image detection, vulnerability intelligence early warning and commercial software supply chain access assessment and other products. Provide customers with complete control capabilities from supply chain asset identification management, risk detection, security control, and one-key repair.
Open source project: https://github.com/murphysecurity/murphysec/?sf=qbyj

The product can be integrated with various tools in the existing development process at a very low cost, including seamless integration with dozens of tools such as IDE, Gitlab, Bitbucket, Jenkins, Harbor, and Nexus.
Free code security detection tool: https://www.murphysec.com/?sf=qbyj
Free intelligence subscription: https://www.oscs1024.com/cm/?sf=qbyj

insert image description here

Guess you like

Origin blog.csdn.net/murphysec/article/details/132205106
Recommended
TIOBE May list: Fortran “resurrected” into Top 10
GCC 14.1 released
Ranking
B. Little Girl and Game【1300 / 回文字符串 博弈论】
CIKERS Shane 20190613
"Javascript advanced programming" study notes - the constructor and prototype
beeline hiveserver2 start
springboot - Automatically backup mysql data every day
Data Storage Full Solution--Detailed Persistence Technology
Detailed Explanation of Spring Web MVC DispatcherServlet—Official Original
TCP / IP protocol layers structure and function
Command type literal pos: unknown; Fallback type literal pos: unknown] with root cause
Design of multifunctional curtain controller with indoor anti-theft alarm
Daily
More
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)

Code World

© 2018 codetd.com