About CVE, VBS macro (e.g. CVE-2023-23399, CVE-2023-28311)

정재석 0 Reputation points
2023-04-27T01:10:11.9233333+00:00

It appears that CVE-2023-23399 and CVE-2023-28311 are vulnerabilities related to VBS macros. Consequently, patches have been implemented, and the latest version has been released. However, macro features can still be exploited. What exactly is being patched to prevent this? In my understanding, internal actions may be acceptable, but is a CVE assigned if it's possible to download or execute external files using these vulnerabilities?

Excel
Office Development

1 answer

  1. Emi Zhang-MSFT 24,986 Reputation points Microsoft Vendor
    2023-04-27T09:56:33.0733333+00:00

    Hi,

    CVE-2023-28311: Microsoft Word Remote Code Execution Vulnerability

    CVE-2023-23399: Microsoft Excel Remote Code Execution Vulnerability

    It seems they are related to the Remote Code Execution Vulnerability?


