{"id":2247,"date":"2023-03-23T10:22:08","date_gmt":"2023-03-23T10:22:08","guid":{"rendered":"https:\/\/secry.me\/explore\/?p=2247"},"modified":"2023-10-04T14:30:59","modified_gmt":"2023-10-04T14:30:59","slug":"cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released","status":"publish","type":"post","link":"https:\/\/secry.me\/explore\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\/","title":{"rendered":"CVE-2023-21716, Critical Microsoft Word RCE Proof-of-Concept Released"},"content":{"rendered":"<div class=\"c7f5092f831f91fb6af859cc3a8052cc\" data-index=\"4\" style=\"float: none; margin:10px 0 10px 0; text-align:center;\">\n<script async src=\"https:\/\/securepubads.g.doubleclick.net\/tag\/js\/gpt.js\"><\/script>\r\n<script>\r\n  window.googletag = window.googletag || {cmd: []};\r\n  googletag.cmd.push(function() {\r\n    googletag.defineSlot('\/22608490431\/iklan1', [[320, 100], [300, 50]], 'div-gpt-ad-1696178236578-0').addService(googletag.pubads());\r\n    googletag.pubads().enableSingleRequest();\r\n    googletag.enableServices();\r\n  });\r\n<\/script>\r\n<!-- \/22608490431\/iklan1 -->\r\n<div id='div-gpt-ad-1696178236578-0' style='min-width: 300px; min-height: 50px;'>\r\n  <script>\r\n    googletag.cmd.push(function() { googletag.display('div-gpt-ad-1696178236578-0'); });\r\n  <\/script>\r\n<\/div>\n<\/div>\n<h2>Overview of CVE-2023-21716<\/h2>\n<p><strong>Indonesia &#8211; SECRY &#8211; <em>CVE-2023-21716<\/em><\/strong> &#8211; is a severe heap corruption vulnerability discovered in Microsoft Word&#8217;s RTF parser. This vulnerability, when exploited, allows remote attackers to execute code with the same privileges as the victim who opens a malicious RTF document.<\/p>\n<p>Attackers can easily send the malicious file to the target via email or other methods. Despite the availability of a proof of concept (PoC), Microsoft believes it is unlikely that the vulnerability has been exploited in the wild.<\/p>\n<p>&nbsp;<\/p>\n<h2>Severity and Affected Products<\/h2>\n<p>CVE-2023-21716 has a CVSS score of <strong>9.8<\/strong>, indicating <strong>high severity<\/strong>.<\/p>\n<p>This vulnerability affects a wide range of Microsoft products, including <em>Microsoft Office<\/em>, <em>SharePoint<\/em>, and various <a href=\"https:\/\/secry.me\/explore\/60ux\"><em>365 apps versions<\/em><\/a>.<\/p>\n<p>The high severity score is due to the low attack complexity and lack of privileges or user interaction required for exploitation.<\/p>\n<p>&nbsp;<\/p>\n<h2>Discovery and Proof-of-Concept of CVE-2023-21716<\/h2>\n<p>Security researcher <strong>Joshua Drake<\/strong> discovered the vulnerability in Microsoft Office&#8217;s &#8220;<em>wwlib.dll<\/em>&#8221; and sent Microsoft a technical advisory with a PoC demonstrating the exploitability of the issue.<\/p>\n<p>The PoC reveals the heap corruption problem but does not show full code execution capabilities. Drake managed to create a tweet-sized version of the PoC, which gained attention from the security community.<\/p>\n<p>&nbsp;<\/p>\n<h2>Vulnerability Mechanics and Attack Vectors<\/h2>\n<p>The vulnerability resides in Microsoft Word&#8217;s RTF parser and occurs due to a font table <em>(*\\fonttbl*)<\/em> containing an excessive number of fonts <em>(*\\f###*)<\/em>, resulting in <strong>heap corruption<\/strong>.<\/p>\n<p>This security flaw in Microsoft Word can be exploited by remote attackers, who can then execute code with the same privileges as the victim opening or previewing a malicious .RTF document.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Microsoft Word <a href=\"https:\/\/twitter.com\/hashtag\/RCE?src=hash&amp;ref_src=twsrc%5Etfw\">#RCE<\/a> (CVE-2023-21716) <a href=\"https:\/\/twitter.com\/hashtag\/POC?src=hash&amp;ref_src=twsrc%5Etfw\">#POC<\/a> written by python.(<a href=\"https:\/\/twitter.com\/hashtag\/0day?src=hash&amp;ref_src=twsrc%5Etfw\">#0day<\/a> , CVSS Score of 9.8)<\/p>\n<p>&#8220;` python<br \/>\nopen(&#8220;t3zt.rtf&#8221;,&#8221;wb&#8221;).write((&#8220;{\\\\rtf1{\\n{\\\\fonttbl&#8221; + &#8220;&#8221;.join([ (&#8220;{\\\\f%dA;}\\n&#8221; % i) for i in range(0,32761) ]) + &#8220;}\\n{\\\\rtlch no crash??}\\n}}\\n&#8221;).encode(&#8216;utf-8&#8217;))<br \/>\n&#8220;`<\/p>\n<p>\u2014 61ue5creen (@hd3s5) <a href=\"https:\/\/twitter.com\/hd3s5\/status\/1635442879244951553?ref_src=twsrc%5Etfw\">March 14, 2023<\/a><\/p><\/blockquote>\n<p><script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\nCybercriminals can easily deliver these harmful files to their targets through email attachments or alternative methods.<\/p>\n<p>Microsoft emphasizes that users don&#8217;t even have to open the malicious RTF document, as merely loading the file in the Preview Pane is sufficient for the compromise to initiate.<\/p>\n<p>&nbsp;<\/p>\n<h2>Potential Impact and Mitigation<\/h2>\n<p>Remote code execution vulnerabilities like CVE-2023-21716 are highly sought after by attackers, as they enable the wide-scale distribution of malware via email.<\/p>\n<p>Although there is no indication that the vulnerability is currently being exploited in the wild, it is crucial for users to take appropriate action to protect themselves.<\/p>\n<p>&nbsp;<\/p>\n<h2>Microsoft Addressed Vulnerability and Launch Security Updates<\/h2>\n<p>Microsoft has addressed the vulnerability in its February, Patch Tuesday security updates. Users should <em><strong>install these security updates<\/strong><\/em> to mitigate the risk.<\/p>\n<p>Alternatively, users can <em><strong>read emails in plain text<\/strong><\/em> format or <strong><em>enable the Microsoft Office File Block policy<\/em><\/strong> to prevent Office apps from opening RTF documents of unknown or untrusted origin.<\/p>\n<p>However, these workarounds may cause inconvenience or require modifications to the Windows Registry, which could lead to other issues if done incorrectly.<\/p>\n<p>In conclusion, to ensure the highest level of protection against CVE-2023-21716, it is recommended to install Microsoft&#8217;s security updates as soon as possible.<\/p>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban-overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban-overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n\n<div style=\"font-size: 0px; height: 0px; line-height: 0px; margin: 0; padding: 0; clear: both;\"><\/div>","protected":false},"excerpt":{"rendered":"<p>Overview of CVE-2023-21716 Indonesia &#8211; SECRY &#8211; CVE-2023-21716 &#8211; is a severe heap corruption vulnerability discovered in Microsoft Word&#8217;s RTF parser. This vulnerability, when exploited, allows remote attackers to execute code with the same privileges as the victim who opens a malicious RTF document. Attackers can easily send the malicious file to the target via [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2268,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[194,131],"tags":[199,200,167,198],"class_list":{"0":"post-2247","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security","8":"category-news","9":"tag-cve-2023-21716","10":"tag-joshua-drake","11":"tag-microsoft","12":"tag-microsoft-services"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.4 (Yoast SEO v27.6) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>CVE-2023-21716, Critical Microsoft Word RCE Proof-of-Concept Released | SECRY<\/title>\n<meta name=\"description\" content=\"Overview of CVE-2023-21716 Indonesia - SECRY - CVE-2023-21716 - is a severe heap corruption vulnerability discovered in Microsoft Word&#039;s RTF parser. This\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/secry.me\/explore\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CVE-2023-21716, Critical Microsoft Word RCE Proof-of-Concept Released | SECRY\" \/>\n<meta property=\"og:description\" content=\"Overview of CVE-2023-21716 Indonesia - SECRY - CVE-2023-21716 - is a severe heap corruption vulnerability discovered in Microsoft Word&#039;s RTF parser. This\" \/>\n<meta property=\"og:url\" content=\"https:\/\/secry.me\/explore\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\/\" \/>\n<meta property=\"og:site_name\" content=\"SECRY\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/secry.me\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-23T10:22:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-04T14:30:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/secryweb.sirv.com\/WP_secry.me\/2023\/03\/CVE-2023-21716-Critical-Microsoft-Word-RCE-Vulnerability.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Christin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Christin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\\\/\"},\"author\":{\"name\":\"Christin\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/5c69c0bdd8490edfc08d16d35d727470\"},\"headline\":\"CVE-2023-21716, Critical Microsoft Word RCE Proof-of-Concept Released\",\"datePublished\":\"2023-03-23T10:22:08+00:00\",\"dateModified\":\"2023-10-04T14:30:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\\\/\"},\"wordCount\":527,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/CVE-2023-21716-Critical-Microsoft-Word-RCE-Vulnerability.png\",\"keywords\":[\"CVE-2023-21716\",\"Joshua Drake\",\"Microsoft\",\"Microsoft Services\"],\"articleSection\":[\"Cyber Security\",\"Hacker News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\\\/\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\\\/\",\"name\":\"CVE-2023-21716, Critical Microsoft Word RCE Proof-of-Concept Released | SECRY\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/CVE-2023-21716-Critical-Microsoft-Word-RCE-Vulnerability.png\",\"datePublished\":\"2023-03-23T10:22:08+00:00\",\"dateModified\":\"2023-10-04T14:30:59+00:00\",\"description\":\"Overview of CVE-2023-21716 Indonesia - SECRY - CVE-2023-21716 - is a severe heap corruption vulnerability discovered in Microsoft Word's RTF parser. This\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\\\/#primaryimage\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/CVE-2023-21716-Critical-Microsoft-Word-RCE-Vulnerability.png\",\"contentUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/CVE-2023-21716-Critical-Microsoft-Word-RCE-Vulnerability.png\",\"width\":1280,\"height\":720,\"caption\":\"Critical Microsoft Word RCE: CVE-2023-21716\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/secry.me\\\/explore\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CVE-2023-21716, Critical Microsoft Word RCE Proof-of-Concept Released\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"name\":\"SECRY\",\"description\":\"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story Collections\",\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"alternateName\":\"Security Story\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/secry.me\\\/explore\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\",\"name\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections\",\"alternateName\":\"SECRY\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"contentUrl\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"width\":512,\"height\":512,\"caption\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/secry.me\",\"https:\\\/\\\/pinterest.com\\\/secry_me\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/5c69c0bdd8490edfc08d16d35d727470\",\"name\":\"Christin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"caption\":\"Christin\"},\"description\":\"A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.\",\"sameAs\":[\"https:\\\/\\\/secry.me\\\/explore\"],\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/author\\\/secry\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"CVE-2023-21716, Critical Microsoft Word RCE Proof-of-Concept Released | SECRY","description":"Overview of CVE-2023-21716 Indonesia - SECRY - CVE-2023-21716 - is a severe heap corruption vulnerability discovered in Microsoft Word's RTF parser. This","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/secry.me\/explore\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\/","og_locale":"en_US","og_type":"article","og_title":"CVE-2023-21716, Critical Microsoft Word RCE Proof-of-Concept Released | SECRY","og_description":"Overview of CVE-2023-21716 Indonesia - SECRY - CVE-2023-21716 - is a severe heap corruption vulnerability discovered in Microsoft Word's RTF parser. This","og_url":"https:\/\/secry.me\/explore\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\/","og_site_name":"SECRY","article_publisher":"https:\/\/www.facebook.com\/secry.me","article_published_time":"2023-03-23T10:22:08+00:00","article_modified_time":"2023-10-04T14:30:59+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2023\/03\/CVE-2023-21716-Critical-Microsoft-Word-RCE-Vulnerability.png","type":"image\/png"}],"author":"Christin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Christin","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/secry.me\/explore\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\/#article","isPartOf":{"@id":"https:\/\/secry.me\/explore\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\/"},"author":{"name":"Christin","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/5c69c0bdd8490edfc08d16d35d727470"},"headline":"CVE-2023-21716, Critical Microsoft Word RCE Proof-of-Concept Released","datePublished":"2023-03-23T10:22:08+00:00","dateModified":"2023-10-04T14:30:59+00:00","mainEntityOfPage":{"@id":"https:\/\/secry.me\/explore\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\/"},"wordCount":527,"commentCount":0,"publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"image":{"@id":"https:\/\/secry.me\/explore\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/03\/CVE-2023-21716-Critical-Microsoft-Word-RCE-Vulnerability.png","keywords":["CVE-2023-21716","Joshua Drake","Microsoft","Microsoft Services"],"articleSection":["Cyber Security","Hacker News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/secry.me\/explore\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/secry.me\/explore\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\/","url":"https:\/\/secry.me\/explore\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\/","name":"CVE-2023-21716, Critical Microsoft Word RCE Proof-of-Concept Released | SECRY","isPartOf":{"@id":"https:\/\/secry.me\/explore\/#website"},"primaryImageOfPage":{"@id":"https:\/\/secry.me\/explore\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\/#primaryimage"},"image":{"@id":"https:\/\/secry.me\/explore\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/03\/CVE-2023-21716-Critical-Microsoft-Word-RCE-Vulnerability.png","datePublished":"2023-03-23T10:22:08+00:00","dateModified":"2023-10-04T14:30:59+00:00","description":"Overview of CVE-2023-21716 Indonesia - SECRY - CVE-2023-21716 - is a severe heap corruption vulnerability discovered in Microsoft Word's RTF parser. This","breadcrumb":{"@id":"https:\/\/secry.me\/explore\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/secry.me\/explore\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\/#primaryimage","url":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/03\/CVE-2023-21716-Critical-Microsoft-Word-RCE-Vulnerability.png","contentUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/03\/CVE-2023-21716-Critical-Microsoft-Word-RCE-Vulnerability.png","width":1280,"height":720,"caption":"Critical Microsoft Word RCE: CVE-2023-21716"},{"@type":"BreadcrumbList","@id":"https:\/\/secry.me\/explore\/cve-2023-21716-critical-microsoft-word-rce-proof-of-concept-released\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/secry.me\/explore\/"},{"@type":"ListItem","position":2,"name":"CVE-2023-21716, Critical Microsoft Word RCE Proof-of-Concept Released"}]},{"@type":"WebSite","@id":"https:\/\/secry.me\/explore\/#website","url":"https:\/\/secry.me\/explore\/","name":"SECRY","description":"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story Collections","publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"alternateName":"Security Story","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/secry.me\/explore\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/secry.me\/explore\/#organization","name":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections","alternateName":"SECRY","url":"https:\/\/secry.me\/explore\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/","url":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","contentUrl":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","width":512,"height":512,"caption":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections"},"image":{"@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/secry.me","https:\/\/pinterest.com\/secry_me"]},{"@type":"Person","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/5c69c0bdd8490edfc08d16d35d727470","name":"Christin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","caption":"Christin"},"description":"A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.","sameAs":["https:\/\/secry.me\/explore"],"url":"https:\/\/secry.me\/explore\/author\/secry\/"}]}},"_links":{"self":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/2247","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/comments?post=2247"}],"version-history":[{"count":26,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/2247\/revisions"}],"predecessor-version":[{"id":3478,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/2247\/revisions\/3478"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media\/2268"}],"wp:attachment":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media?parent=2247"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/categories?post=2247"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/tags?post=2247"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}