CVE-2023-21823

HIGH KEV

Windows 10 1507-21H2 - Remote Code Execution via Graphics Component Integer Overflow

Title source: llm

Exploitation Summary

CVE-2023-21823 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added February 14, 2023. EIP tracks 1 public exploit from researchers including Elizarfish.

AI-analyzed exploit summary This repository provides a C-based reverse shell implementation for Windows, leveraging CVE-2023-21823. It requires compilation with MinGW or Visual Studio and uses the ws2_32 library for network operations.

Description

Windows Graphics Component Remote Code Execution Vulnerability

Exploits (1)

nomisec WORKING POC 14 stars

by Elizarfish · poc

https://github.com/Elizarfish/CVE-2023-21823

View Code ZIP pw:eip

This repository provides a C-based reverse shell implementation for Windows, leveraging CVE-2023-21823. It requires compilation with MinGW or Visual Studio and uses the ws2_32 library for network operations.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Windows (unspecified version)

No auth needed

Prerequisites: C compiler (MinGW or Visual Studio) · Network connectivity to attacker-controlled IP/port · Execution privileges on target system

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1090 - Proxy

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21823

Patch, Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823

Scores

CVSS v3 7.8

EPSS 0.0556

EPSS Percentile 91.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2023-02-14

VulnCheck KEV 2023-02-14

InTheWild.io 2023-02-14

ENISA EUVD EUVD-2023-25989

CWE

CWE-190

Status published

Products (15)

microsoft/windows_10_1507 < 10.0.10240.19747 (2 CPE variants)

microsoft/windows_10_1607 < 10.0.14393.5717 (2 CPE variants)

microsoft/windows_10_1809 < 10.0.17763.4010 (3 CPE variants)

microsoft/windows_10_20h2 < 10.0.19042.2604 (3 CPE variants)

microsoft/windows_10_21h2 < 10.0.19044.2604 (3 CPE variants)

microsoft/windows_10_22h2 < 10.0.19045.2604 (3 CPE variants)

microsoft/windows_11_21h2 < 10.0.22000.1574 (2 CPE variants)

microsoft/windows_11_22h2 < 10.0.22621.1265 (2 CPE variants)

microsoft/windows_server_2008 (2 CPE variants)

microsoft/windows_server_2008 r2 sp1

... and 5 more

Published Feb 14, 2023

KEV Added Feb 14, 2023

Tracked Since Feb 18, 2026