CVE-2023-28311

HIGH

Microsoft 365 Apps and Office - Remote Code Execution via Heap-based Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-28311. PoCs published by nu11secur1ty.

AI-analyzed exploit summary The provided content lacks functional exploit code and instead includes a vague VBS script snippet that downloads and executes a payload from an external URL. The description is overly generic and relies on social engineering tactics without technical depth.

Description

Microsoft Word Remote Code Execution Vulnerability

Exploits (1)

exploitdb SUSPICIOUS

by nu11secur1ty · textremotemultiple

https://www.exploit-db.com/exploits/51376

View Code ZIP pw:eip

The provided content lacks functional exploit code and instead includes a vague VBS script snippet that downloads and executes a payload from an external URL. The description is overly generic and relies on social engineering tactics without technical depth.

Classification

Suspicious 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Microsoft Word 16.72.23040900

Auth required

Prerequisites: Victim interaction to open a malicious file · External server hosting payload

MITRE ATT&CK

T1204 - User Execution T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28311

Scores

CVSS v3 7.8

EPSS 0.0272

EPSS Percentile 84.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-122

Status published

Products (3)

microsoft/365_apps

microsoft/office 2019

microsoft/office_long_term_servicing_channel 2021

Published Apr 11, 2023

Tracked Since Feb 18, 2026