CVE-2023-21716 is a critical vulnerability in Microsoft Office's wwlib that allows attackers to execute arbitrary code with the privileges of the victim who opens a malicious RTF document.
The vulnerability affects several versions of Microsoft Office, including Office 365, 2016, 2013, 2010, and 2007.
Attackers can exploit this vulnerability by delivering a malicious RTF file via email or other means.
SkyWatchSM Alert Legend
Glesec Information Sharing Protocol
GLESEC CYBER SECURITY INCIDENT REPORTS are in compliance with the U.S. Department of Homeland Security (DHS) Traffic-Light Protocol (TLP).
Disclosure is Not Limited.
Limited Disclosure, Restricted Only to the Community.
Limited Disclosure, restricted to the Participant's Organization.
Not for Disclosure, Restricted/ Classified - Only Shared with US DHS.