
CVE-2023-21716, Critical Microsoft Word RCE Proof-of-Concept Released

Overview of CVE-2023-21716

Indonesia, SECRY: CVE-2023-21716 is a severe heap corruption vulnerability in the RTF parser of Microsoft Word. A remote attacker who gets a victim to open (or merely preview) a malicious RTF document can execute arbitrary code with the privileges of that user.

Delivery is trivial: the file can be sent as an email attachment or offered for download. Although a proof of concept (PoC) is publicly available, Microsoft rates exploitation as less likely and, at the time of writing, has no indication that the vulnerability is being exploited in the wild.


Severity and Affected Products

CVE-2023-21716 carries a CVSS v3.1 base score of 9.8, which places it in the Critical band.

The vulnerability affects a wide range of Microsoft products: the Office and Word desktop suites, Microsoft 365 Apps for Enterprise, and server products such as SharePoint Server and Office Online Server, which parse Word documents server-side and so can be hit without any end user opening a file.

The score reflects the CVSS vector: network attack vector, low attack complexity, no privileges required, and no user interaction required. The last point is not an exaggeration; because the Preview Pane parses the document, a user does not have to open the file for the vulnerable code to run.


Discovery and Proof-of-Concept of CVE-2023-21716

Security researcher Joshua Drake discovered the vulnerability in Microsoft Office's "wwlib.dll", the library that implements Word's document parsing, and sent Microsoft a technical advisory with a PoC demonstrating that the issue is exploitable.

The PoC demonstrates the heap corruption (the process crashes) but does not show full code execution. Drake later condensed it into a tweet-sized Python one-liner, which drew wide attention from the security community.


Vulnerability Mechanics and Attack Vectors

The vulnerability resides in Microsoft Word's RTF parser. An RTF document declares its fonts in a font table group (\fonttbl), each entry introduced by a font number control word (\f###). When the table contains an excessive number of such entries, the parser corrupts the heap while processing it.

A remote attacker who exploits the flaw executes code with the same privileges as the victim who opens or previews the malicious .RTF document; an attacker targeting a user who runs Word with administrative rights gets those rights too.

Delivery needs nothing more than an email attachment or a download link, and the document's extension is not a reliable filter, since Word identifies RTF by content.

Microsoft emphasizes that the user does not even have to open the malicious RTF document: having the file rendered in the Preview Pane (for example in Outlook) is sufficient for the vulnerable parsing to run, which is why the CVSS vector records no user interaction.
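As an added example (it is not part of the original article and is not Drake's PoC), the following Python triage script checks an RTF blob for the shape described above: it locates the \fonttbl group, walks the braces while honouring escaped `\{` and `\}`, counts the \fN font entries, and flags a table with more entries than a heuristic threshold. The threshold value, the constructed sample documents and the function names are assumptions made for illustration; the script measures the font table only and cannot tell whether a given file actually crashes Word.

```python
r"""Triage check for the pattern described above: an RTF \fonttbl group
holding an abnormally large number of \fN font entries.

Added example (not the article's or Drake's code). It only measures the
font table; it does not decide whether a file crashes or exploits Word.
"""
import re
from typing import Optional

# Heuristic threshold (assumption). Real documents declare a handful to a
# few hundred fonts, so thousands of entries deserve a closer look.
SUSPICIOUS_FONT_COUNT = 4096

# Opening brace of the font table group, allowing stray whitespace.
FONTTBL_OPEN = re.compile(rb"\{\s*\\fonttbl")
# \f immediately followed by digits is a font number (\f0, \f1, ...);
# \fswiss, \fcharset0, \fs24 and similar control words do not match.
FONT_ID = re.compile(rb"\\f(\d+)")


def rtf_group(data: bytes, start: int) -> Optional[bytes]:
    r"""Return the group that opens at data[start], through its matching '}'.

    A backslash and the byte after it are skipped as a unit, so escaped
    braces (\{ and \}) inside font names do not unbalance the depth count.
    Raw data following \binN is not skipped (a known gap of this walker).
    Returns None when the group never closes (truncated or malformed file).
    """
    if data[start:start + 1] != b"{":
        raise ValueError("start must point at '{'")
    depth = 0
    i = start
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\":
            i += 2          # skip the escaped byte (or control-word lead char)
            continue
        if c == b"{":
            depth += 1
        elif c == b"}":
            depth -= 1
            if depth == 0:
                return data[start:i + 1]
        i += 1
    return None


def analyze_rtf(data: bytes, threshold: int = SUSPICIOUS_FONT_COUNT) -> dict:
    r"""Summarise the font table of an RTF blob.

    Detection is by content, not extension: Word sniffs the file and parses
    RTF even under a .doc name, and its parser accepts the shortened '{\rt'
    header, so matching only '{\rtf1' would under-detect.
    """
    result = {"is_rtf": False, "font_count": 0, "max_font_id": None,
              "truncated_fonttbl": False, "suspicious": False}
    if not data.lstrip().startswith(b"{\\rt"):
        return result
    result["is_rtf"] = True
    m = FONTTBL_OPEN.search(data)
    if m is None:
        return result                     # no font table at all
    table = rtf_group(data, m.start())
    if table is None:
        result["truncated_fonttbl"] = True
        return result
    ids = [int(x) for x in FONT_ID.findall(table)]
    result["font_count"] = len(ids)
    result["max_font_id"] = max(ids) if ids else None
    result["suspicious"] = len(ids) > threshold
    return result


# Constructed sample: an ordinary document with two fonts, one of them with
# escaped braces in its name to exercise the group walker.
BENIGN_RTF = (
    b"{\\rtf1\\ansi\\deff0"
    b"{\\fonttbl{\\f0\\fswiss\\fcharset0 Arial;}{\\f1\\froman Brace\\{Font\\};}}"
    b"\\f0\\fs24 Quarterly report.\\par}"
)


def build_large_fonttbl_rtf(n: int) -> bytes:
    """Constructed sample with n font entries, used only to exercise the
    scanner. No claim is made here about which counts trigger the bug."""
    fonts = b"".join(b"{\\f%d A;}" % i for i in range(n))
    return b"{\\rtf1{\\fonttbl" + fonts + b"}body}"


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_RTF),
                        ("large font table", build_large_fonttbl_rtf(5000))):
        print(label, analyze_rtf(blob))
```

Run it against attachments before they reach a mailbox, not after: the point of the Preview Pane vector is that the document is parsed without a click. A count alone is a coarse signal, so treat a hit as a reason to detonate the file in a sandbox rather than as proof of malice, and remember that RTF is a forgiving format with many obfuscation tricks that a brace walker this simple will not unwind.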


Potential Impact and Mitigation

Remote code execution bugs like CVE-2023-21716 are highly sought after by attackers because a single malicious attachment, mailed at scale, is enough to run malware on every machine where it is opened or previewed.

Although there is no indication that the vulnerability is currently being exploited in the wild, a public PoC lowers the effort for anyone trying to turn the crash into a working exploit, so users and administrators should act now rather than wait for reports of attacks.


Microsoft Has Addressed the Vulnerability and Released Security Updates

Microsoft fixed the vulnerability in the February 2023 Patch Tuesday security updates. Installing these updates is the only complete remediation.

Where patching must wait, Microsoft's advisory offers two workarounds: read email in plain-text format, or enable the Microsoft Office File Block policy so that Office refuses to open RTF documents from unknown or untrusted sources. The File Block setting lives in the registry under HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Word\Security\FileBlock (16.0 for Office 2016 and later), with RtfFiles set to DWORD 2 and OpenInProtectedView set to DWORD 0, so that blocked RTF files are rejected outright instead of being opened in Protected View.

Both workarounds have costs. Plain-text mail loses formatting and does not stop a user from opening an attached RTF file, so it reduces rather than removes the exposure. File Block means legitimate RTF documents cannot be opened either, and an incorrect registry edit can break Office or Windows, so back up the registry before changing it.

In conclusion, to ensure the highest level of protection against CVE-2023-21716, it is recommended to install Microsoft’s security updates as soon as possible.

A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.


