Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2023-36045: CWE-822: Untrusted Pointer Dereference in Microsoft Microsoft Office 2019

0
High
VulnerabilityCVE-2023-36045cvecve-2023-36045cwe-822
Published: Tue Nov 14 2023 (11/14/2023, 17:57:32 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Microsoft Office 2019

Description

Microsoft Office Graphics Remote Code Execution Vulnerability

AI-Powered Analysis

AILast updated: 10/09/2025, 00:23:22 UTC

Technical Analysis

CVE-2023-36045 is a vulnerability identified in Microsoft Office 2019 (version 19.0.0) involving an untrusted pointer dereference in the graphics component, classified under CWE-822. This flaw allows remote code execution (RCE) when a user opens a specially crafted Office document containing malicious graphics content. The vulnerability arises because the software improperly handles pointers during graphics processing, leading to memory corruption that attackers can exploit to execute arbitrary code. The CVSS 3.1 base score is 7.8, indicating high severity, with an attack vector classified as local (AV:L), requiring no privileges (PR:N) but user interaction (UI:R). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk due to the widespread use of Microsoft Office 2019 in enterprise environments. The vulnerability was reserved in June 2023 and published in November 2023, with no patch links currently available, suggesting that remediation may be pending or in progress. The vulnerability is enriched by CISA, indicating recognition by US cybersecurity authorities. Attackers could leverage this flaw to gain control over affected systems, potentially leading to data breaches, system compromise, or disruption of business operations.

Potential Impact

For European organizations, this vulnerability presents a substantial risk due to the widespread deployment of Microsoft Office 2019 across various sectors including government, finance, healthcare, and critical infrastructure. Successful exploitation could lead to unauthorized access, data exfiltration, and disruption of services, impacting confidentiality, integrity, and availability of sensitive information and operational systems. The requirement for user interaction means phishing or social engineering campaigns could be used to deliver malicious documents. Given the high impact on all security dimensions and the critical role of Office in daily business workflows, organizations could face operational downtime, reputational damage, and regulatory penalties under GDPR if personal data is compromised. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as threat actors often develop exploits rapidly after public disclosure.

Mitigation Recommendations

Organizations should prioritize monitoring for official Microsoft security advisories and apply patches immediately once released. Until patches are available, implement strict email filtering and attachment scanning to block or quarantine suspicious Office documents, especially those containing graphics or macros. Employ endpoint detection and response (EDR) solutions capable of detecting anomalous behavior related to memory corruption or code execution attempts. Educate users on the risks of opening unsolicited or unexpected Office documents and enforce policies restricting document sources. Consider disabling or restricting Office features related to graphics rendering if feasible. Network segmentation and least privilege principles should be enforced to limit lateral movement in case of compromise. Regular backups and incident response plans should be updated to address potential exploitation scenarios.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
microsoft
Date Reserved
2023-06-20T20:44:39.828Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d983bc4522896dcbee4fa

Added to database: 5/21/2025, 9:09:15 AM

Last enriched: 10/9/2025, 12:23:22 AM

Last updated: 10/16/2025, 3:17:15 PM

Views: 28

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats