ZDI-23-1181: Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

Aug. 24, 2023, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

arbitrary code attackers code code execution excel exploit file free malicious microsoft microsoft excel page parsing remote code remote code execution target use-after-free vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-469: Avira Prime Link Following Local Privilege Escalation Vulnerability 2 days, 17 hours ago | www.zerodayinitiative.com

attacker attackers avira code +20

ZDI-24-468: Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability 2 days, 17 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication code +16

ZDI-24-467: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability 2 days, 17 hours ago | www.zerodayinitiative.com

arbitrary code attack attackers attack vectors +21

ZDI-24-466: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 2 days, 17 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-465: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 2 days, 17 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-464: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 2 days, 17 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-463: Siemens Simcenter Femap IGS File Parsing Type Confusion Remote Code Execution Vulnerability 2 days, 17 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-462: Siemens Simcenter Femap IGS File Parsing Type Confusion Remote Code Execution Vulnerability 2 days, 17 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-461: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 2 days, 17 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Computer and Forensics Investigator

@ ManTech | 221BQ - Cstmr Site,Springfield,VA

View on infosec-jobs.com

Senior Security Analyst

@ Oracle | United States

View on infosec-jobs.com

Associate Vulnerability Management Specialist

@ Diebold Nixdorf | Hyderabad, Telangana, India

View on infosec-jobs.com

all InfoSec news

ZDI-23-1181: Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

More from www.zerodayinitiative.com / ZDI: Published Advisories

Jobs in InfoSec / Cybersecurity

Information Security Engineers

Technology Security Analyst

Senior Cyber Security Analyst

Computer and Forensics Investigator

Senior Security Analyst

Associate Vulnerability Management Specialist