CVE-2023-23399

HIGH

Microsoft Excel - Remote Code Execution via Out-of-bounds Read

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-23399. PoCs published by nu11secur1ty.

AI-analyzed exploit summary The exploit demonstrates a Remote Code Execution (RCE) vulnerability in Microsoft Excel 365 by leveraging VBA macros to execute arbitrary commands or launch external applications. The provided VBA code snippets show methods to execute 'cmd.exe' or open a malicious URL via 'Shell.Application'.

Description

Microsoft Excel Remote Code Execution Vulnerability

Exploits (1)

exploitdb WORKING POC
by nu11secur1ty · textremotemultiple
https://www.exploit-db.com/exploits/51328

The exploit demonstrates a Remote Code Execution (RCE) vulnerability in Microsoft Excel 365 by leveraging VBA macros to execute arbitrary commands or launch external applications. The provided VBA code snippets show methods to execute 'cmd.exe' or open a malicious URL via 'Shell.Application'.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit
No auth needed
Prerequisites: Victim must open a malicious Excel file · Macros must be enabled
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0253
EPSS Percentile 82.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-125
Status published
Products (9)
microsoft/365_apps
microsoft/excel 2013 sp1 (2 CPE variants)
microsoft/excel 2016
microsoft/office 2013 sp1 (2 CPE variants)
microsoft/office 2016
microsoft/office 2019 (2 CPE variants)
microsoft/office_long_term_servicing_channel 2021 (2 CPE variants)
microsoft/office_online_server
microsoft/office_web_apps_server 2013 sp1
Published Mar 14, 2023
Tracked Since Feb 18, 2026