Security News > 2023 > March > Proof-of-Concept released for critical Microsoft Word RCE bug
A proof-of-concept for CVE-2023-21716, a critical vulnerability in Microsoft Word that allows remote code execution, has been published over the weekend.
Tweet-sized PoC. Security researcher Joshua Drake last year discovered the vulnerability in Microsoft Office's "Wwlib.dll" and sent Microsoft a technical advisory containing proof-of-concept code showing the issue is exploitable.
The researcher explains that the RTF parser in Microsoft Word has a heap corruption vulnerability that is triggered "When dealing with a font table containing an excessive number of fonts."
Even if a complete exploit is currently unavailable and only theoretical, installing the security update from Microsoft remains the safest way to deal with the vulnerability.
Exploit released for critical VMware vRealize RCE vulnerability.
Exploit released for critical Fortinet RCE flaw, patch now.
News URL
Related news
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- CISA: Network switch RCE flaw impacts critical infrastructure (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Microsoft: Word deletes some documents instead of saving them (source)
- Microsoft fixes Word bug that deleted documents when saving (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-14 | CVE-2023-21716 | Unspecified vulnerability in Microsoft products Microsoft Word Remote Code Execution Vulnerability | 9.8 |