CVE-2023-23396

MEDIUM

Microsoft Office Online Server - Denial of Service via Excel File Processing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-23396. PoCs published by LucaBarile.

AI-analyzed exploit summary The repository contains no actual exploit code but instead redirects users to external links for downloading the exploit and reading a report. This is a common tactic for social engineering lures.

Description

Microsoft Excel Denial of Service Vulnerability

Exploits (1)

nomisec SUSPICIOUS 6 stars

by LucaBarile · poc

https://github.com/LucaBarile/CVE-2023-23396

View Code ZIP pw:eip

The repository contains no actual exploit code but instead redirects users to external links for downloading the exploit and reading a report. This is a common tactic for social engineering lures.

Classification

Suspicious 90%

Attack Type

Other

Complexity

N/a

Reliability

N/a

Target: Microsoft Excel (client version)

No auth needed

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23396

Scores

CVSS v3 6.5

EPSS 0.0383

EPSS Percentile 88.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (2)

microsoft/office_online_server

microsoft/office_web_apps_server 2013 sp1

Published Mar 14, 2023

Tracked Since Feb 18, 2026