CVE-2023-32029
Published: 14 June 2023
Summary
CVE-2023-32029 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Microsoft Excel. Its CVSS base score is 7.8 (High).
Operationally, ranked in the top 2.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Microsoft Excel contains a remote code execution vulnerability tracked as CVE-2023-32029. The flaw is an out-of-bounds read (CWE-125) that affects the application's handling of specially crafted spreadsheet files and carries a CVSS 3.1 base score of 7.8.
An attacker can exploit the issue by convincing a user to open a malicious Excel document on a local system. Because the attack vector requires user interaction but no privileges or additional authentication, successful exploitation grants the attacker the ability to execute arbitrary code with the privileges of the current user, resulting in full confidentiality, integrity, and availability impact.
Microsoft has published security updates addressing the vulnerability through its update guide, and Cisco Talos has released a detailed technical analysis (TALOS-2023-1730) that includes indicators for detection and verification of the fix.
The EPSS score for this CVE currently stands at 0.4033, indicating a moderate and stable probability of exploitation in the wild.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-36316
Vulnerability details
Microsoft Excel Remote Code Execution Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.