CVE-2023-36761

unknown KEV

Published 2023-09-12 · Modified 2023-09-12

CVSS v3

—

CVSS v2

—

VIR risk

1.5

Description

Microsoft Word contains an unspecified vulnerability that allows for information disclosure.

CISA KEV

Vendor: Microsoft
Product: Word
Due date: 2023-10-03

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761; https://nvd.nist.gov/vuln/detail/CVE-2023-36761

Mitigation details

Source: Microsoft Security Response Center · View original ↗ · proprietary-no-redistribution

Full prose not cached — VIR stores only structured fields (affected/fixed versions, references) for this source. Click "View original" above for the vendor's full advisory.

Affected

Vendor	Product	Version
microsoft	Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
microsoft	Windows Server 2008 R2 for x64-based Systems Service Pack 1
microsoft	Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
microsoft	Windows Server 2012
microsoft	Windows Server 2012 (Server Core installation)
microsoft	Windows Server 2012 R2
microsoft	Windows Server 2012 R2 (Server Core installation)
microsoft	Microsoft Visual Studio 2013 Update 5
microsoft	Microsoft Visual Studio 2015 Update 3
microsoft	Microsoft Office 2013 Service Pack 1 (32-bit editions)
microsoft	Microsoft Office 2013 Service Pack 1 (64-bit editions)
microsoft	Microsoft Office 2013 RT Service Pack 1
microsoft	Microsoft Word 2013 Service Pack 1 (32-bit editions)
microsoft	Microsoft Word 2013 Service Pack 1 (64-bit editions)
microsoft	Microsoft Word 2013 RT Service Pack 1
microsoft	Microsoft Excel 2013 Service Pack 1 (32-bit editions)
microsoft	Microsoft Excel 2013 Service Pack 1 (64-bit editions)
microsoft	Microsoft Excel 2013 RT Service Pack 1
microsoft	Windows 10 for 32-bit Systems
microsoft	Windows 10 for x64-based Systems
microsoft	Microsoft Excel 2016 (32-bit edition)
microsoft	Microsoft Excel 2016 (64-bit edition)
microsoft	Microsoft Word 2016 (32-bit edition)
microsoft	Microsoft Word 2016 (64-bit edition)
microsoft	Microsoft Office 2016 (32-bit edition)
microsoft	Microsoft Office 2016 (64-bit edition)
microsoft	Microsoft Outlook 2016 (32-bit edition)
microsoft	Microsoft Outlook 2016 (64-bit edition)
microsoft	Windows Server 2016
microsoft	Windows 10 Version 1607 for 32-bit Systems

Exploits

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761; https://nvd.nist.gov/vuln/detail/CVE-2023-36761

Verify integrity in audit chain (admin only). AS-IS.