#VU75903 Input validation error in Microsoft products - CVE-2023-29333

Cybersecurity Help s.r.o.

Published: 2023-05-09

Vulnerability identifier: #VU75903

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-29333

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Microsoft Office
Client/Desktop applications / Office applications
Microsoft 365 Apps for Enterprise
Client/Desktop applications / Office applications
Microsoft Office LTSC 2021
Other software / Other software solutions

Vendor: Microsoft

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft Access. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Microsoft Office: 2019

Microsoft Office LTSC 2021: 32 bit editions - 64 bit editions

Microsoft 365 Apps for Enterprise: 32-bit Systems, 64-bit Systems

External links
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29333

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Microsoft Access