CVE-2023-36897: Visual Studio Tools for Office Runtime Spoofing Vulnerability
First published: Tue Aug 08 2023(Updated: )
Visual Studio Tools for Office Runtime Spoofing Vulnerability
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Visual Studio 2010 Tools for Office Runtime | ||
| Microsoft Office 2019 for 64-bit editions | ||
| Microsoft Visual Studio 2019 (includes 16.0 - 16.10) | =16.11 | |
| Microsoft 365 Apps for Enterprise | ||
| Microsoft 365 Apps for Enterprise | ||
| Microsoft Office 2019 for 32-bit editions | ||
| Microsoft Office LTSC 2021 for 32-bit editions | ||
| Microsoft Office LTSC 2021 for 64-bit editions | ||
| Microsoft Visual Studio 2017 (includes 15.0 - 15.8) | =15.9 | |
| Microsoft Visual Studio 2022 | =17.6 | |
| Microsoft Visual Studio 2022 | =17.2 | |
| Microsoft 365 Apps | ||
| Microsoft 365 Apps | ||
| Microsoft Office | =2019 | |
| Microsoft Office | =2019 | |
| Microsoft Office | =2021 | |
| Microsoft Office | =2021 | |
| Microsoft Visual Studio 2010 Tools for Office Runtime | ||
| Microsoft Visual Studio 2017 | >=15.0<15.9.56 | |
| Microsoft Visual Studio 2019 | >=16.0<16.11.29 | |
| Microsoft Visual Studio 2022 | >=17.2.0<17.2.18 | |
| Microsoft Visual Studio 2022 | >=17.4.0<17.4.10 | |
| Microsoft Visual Studio 2022 | >=17.6.0<17.6.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-36897.
What is the severity of CVE-2023-36897?
CVE-2023-36897 has a severity rating of 8.1 (high).
Which software products are affected by CVE-2023-36897?
The following software products are affected by CVE-2023-36897: Microsoft 365 Apps for Enterprise, Microsoft Office 2019, Microsoft Office LTSC 2021, Microsoft Visual Studio 2017, Microsoft Visual Studio 2019, and Microsoft Visual Studio 2022.
How can I fix CVE-2023-36897?
To fix CVE-2023-36897, you should apply the relevant security updates provided by Microsoft for the affected software products.
Where can I find more information about CVE-2023-36897?
You can find more information about CVE-2023-36897 on the Microsoft Security Response Center (MSRC) website.
- collector/msrc
- agent/author
- agent/type
- agent/first-publish-date
- source/Microsoft
- collector/msrc-cve
- agent/softwarecombine
- agent/software-canonical-lookup
- agent/severity
- agent/remedy
- agent/title
- agent/references
- agent/software-canonical-lookup-request
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/nvd-api
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft visual studio 2010 tools for office runtime
- canonical/microsoft office 2019 for 64-bit editions
- canonical/microsoft visual studio 2019 (includes 16.0 - 16.10)
- version/microsoft visual studio 2019 (includes 16.0 - 16.10)/16.11
- canonical/microsoft 365 apps for enterprise
- canonical/microsoft office 2019 for 32-bit editions
- canonical/microsoft office ltsc 2021 for 32-bit editions
- canonical/microsoft office ltsc 2021 for 64-bit editions
- canonical/microsoft visual studio 2017 (includes 15.0 - 15.8)
- version/microsoft visual studio 2017 (includes 15.0 - 15.8)/15.9
- canonical/microsoft visual studio 2022
- version/microsoft visual studio 2022/17.6
- version/microsoft visual studio 2022/17.4
- version/microsoft visual studio 2022/17.2
- canonical/microsoft 365 apps
- canonical/microsoft office
- version/microsoft office/2019
- version/microsoft office/2021
- canonical/microsoft visual studio 2017
- version/microsoft visual studio 2017/15.0
- canonical/microsoft visual studio 2019
- version/microsoft visual studio 2019/16.0
- version/microsoft visual studio 2022/17.2.0
- version/microsoft visual studio 2022/17.4.0
- version/microsoft visual studio 2022/17.6.0