CVE-2023-36884

HIGH KEV RANSOMWARE

Windows Search - RCE

Title source: llm

Description

Windows Search Remote Code Execution Vulnerability

Exploits (9)

nomisec WORKING POC 41 stars

by jakabakos · client-side

https://github.com/jakabakos/CVE-2023-36884-MS-Office-HTML-RCE

View Code ZIP pw:eip

nomisec WORKING POC 27 stars

by Maxwitat · poc

https://github.com/Maxwitat/CVE-2023-36884-Scripts-for-Intune-Remediation-SCCM-Compliance-Baseline

View Code ZIP pw:eip

nomisec SCANNER 15 stars

by tarraschk · poc

https://github.com/tarraschk/CVE-2023-36884-Checker

View Code ZIP pw:eip

nomisec WRITEUP 2 stars

by ridsoliveira · poc

https://github.com/ridsoliveira/Fix-CVE-2023-36884

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by zerosorai · poc

https://github.com/zerosorai/CVE-2023-36884

View Code ZIP pw:eip

nomisec WRITEUP 1 stars

by deepinstinct · poc

https://github.com/deepinstinct/Storm0978-RomCom-Campaign

View Code ZIP pw:eip

nomisec WRITEUP 1 stars

by raresteak · poc

https://github.com/raresteak/CVE-2023-36884

View Code ZIP pw:eip

nomisec NO CODE

by ToddMaxey · poc

https://github.com/ToddMaxey/CVE-2023-36884

View Code ZIP pw:eip

nomisec WORKING POC

by or2me · poc

https://github.com/or2me/CVE-2023-36884_patcher

View Code ZIP pw:eip

References (3)

[Patch, Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884

[Broken Link, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2023/Jul/43

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36884

Scores

CVSS v3 7.5

EPSS 0.9322

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2023-07-17

VulnCheck KEV 2023-07-05

InTheWild.io 2023-07-05

ENISA EUVD EUVD-2023-40804

Ransomware Use Confirmed

Classification

CWE

CWE-362

Status published

Affected Products (17)

microsoft/windows_10_1507 < 10.0.10240.20107

microsoft/windows_10_1607 < 10.0.14393.6167

microsoft/windows_10_1607 < 10.0.14393.6167

microsoft/windows_10_1809 < 10.0.17763.4737

microsoft/windows_10_1809 < 10.0.17763.4737

microsoft/windows_10_1809 < 10.0.17763.4737

microsoft/windows_10_21h2 < 10.0.19044.3324

microsoft/windows_10_22h2 < 10.0.19044.3324

microsoft/windows_11_21h2 < 10.0.22000.2295

microsoft/windows_11_22h2 < 10.0.22621.2134

microsoft/windows_server_2008

microsoft/windows_server_2008

microsoft/windows_server_2012

microsoft/windows_server_2012

microsoft/windows_server_2016 < 10.0.14393.6167

... and 2 more

Timeline

Published Jul 11, 2023

KEV Added Jul 17, 2023

Tracked Since Feb 18, 2026