About CVE, VBS macro (e.g. CVE-2023-23399, CVE-2023-28311)

정재석 0 Reputation points

It appears that CVE-2023-23399 and CVE-2023-28311 are vulnerabilities related to VBS macros. Consequently, patches have been implemented, and the latest version has been released. However, macro features can still be exploited. What exactly is being patched to prevent this? In my understanding, internal actions may be acceptable, but is a CVE assigned if it's possible to download or execute external files using these vulnerabilities?


1 answer

  1. Emi Zhang-MSFT 19,046 Reputation points Microsoft Vendor


    CVE-2023-28311: Microsoft Word Remote Code Execution Vulnerability

    CVE-2023-23399: Microsoft Excel Remote Code Execution Vulnerability

    It seems they are related to the Remote Code Execution Vulnerability?
