1. Home
  2. CVE Database
  3. CVE-2023-36897
HIGH · 8.1

CVE-2023-36897

Visual Studio Tools for Office Runtime Spoofing Vulnerability

Vulnerability Description

Visual Studio Tools for Office Runtime Spoofing Vulnerability

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
Microsoft365 Apps-
MicrosoftOffice2019
MicrosoftOffice Long Term Servicing Channel2021
MicrosoftVisual Studio 2010 Tools For Office Runtime-
MicrosoftVisual Studio 2017>= 15.0, < 15.9.56
MicrosoftVisual Studio 2019>= 16.0, < 16.11.29
MicrosoftVisual Studio 2022>= 17.2.0, < 17.2.18

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2023-36897?

CVE-2023-36897 is a vulnerability with a CVSS score of 8.1 (HIGH). Visual Studio Tools for Office Runtime Spoofing Vulnerability

How severe is CVE-2023-36897?

CVE-2023-36897 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-36897?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft 365 Apps, Microsoft Office, Microsoft Office Long Term Servicing Channel, Microsoft Visual Studio 2010 Tools For Office Runtime, Microsoft Visual Studio 2017.