CVE-2023-36884 (office, windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11, windows_11_21h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, word)

Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents.

An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file.

Upon completion of this investigation, Microsoft will …

attacks aware code code execution cve cve-2023-36884 document documents exploit microsoft microsoft office office products remote code remote code execution reports series targeted attacks vulnerabilities windows word