CVE-2023-21716— Microsoft Word Remote Code Execution Vulnerability

CVSS 9.8 · Critical EPSS 91.42% · P100 Updated Mar 01, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-21716

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Microsoft Word Remote Code Execution Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

Microsoft Word Remote Code Execution Vulnerability

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

整数溢出或超界折返

Source: NVD (National Vulnerability Database)

Vulnerability Title

Microsoft Word 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Microsoft Word是美国微软（Microsoft）公司的一套Office套件中的文字处理软件。 Microsoft Office Word存在安全漏洞。以下产品和版本受到影响：Microsoft Office Online Server,Microsoft Office 2019 for Mac,Microsoft 365 Apps for Enterprise for 64-bit Systems,Microsoft SharePoint Enterprise Server 2016,Micr

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE
Microsoft	Microsoft Office LTSC for Mac 2021	16.0.1 ~ 16.70.23021201	-
Microsoft	Microsoft Office LTSC 2021	16.0.1 ~ https://aka.ms/OfficeSecurityReleases	-
Microsoft	Microsoft SharePoint Server Subscription Edition	16.0.0 ~ 16.0.15601.20478	-
Microsoft	Microsoft 365 Apps for Enterprise	16.0.1 ~ https://aka.ms/OfficeSecurityReleases	-
Microsoft	SharePoint Server Subscription Edition Language Pack	16.0.0 ~ 16.0.15601.20478	-
Microsoft	Microsoft Office Online Server	16.0.1 ~ 16.0.10395.20001	-
Microsoft	Microsoft Office 2019 for Mac	16.0.0 ~ 16.70.23021201	-
Microsoft	Microsoft Office 2019	19.0.0 ~ https://aka.ms/OfficeSecurityReleases	-
Microsoft	Microsoft SharePoint Enterprise Server 2016	16.0.0 ~ 16.0.5383.1000	-
Microsoft	Microsoft SharePoint Enterprise Server 2013 Service Pack 1	15.0.0 ~ 15.0.5529.1000	-
Microsoft	Microsoft SharePoint Server 2019	16.0.0 ~ 16.0.10395.20001	-
Microsoft	Microsoft Word 2016	16.0.1 ~ 16.0.5383.1000	-
Microsoft	Microsoft Office Web Apps Server 2013 Service Pack 1	15.0.1 ~ 15.0.5529.1000	-
Microsoft	Microsoft SharePoint Foundation 2013 Service Pack 1	15.0.0 ~ 15.0.5529.1000	-
Microsoft	Microsoft Word 2013 Service Pack 1	15.0.1 ~ 15.0.5529.1000	-
Microsoft	Microsoft Word 2013 Service Pack 1	15.0.1 ~ 15.0.5529.1000	-

II. Public POCs for CVE-2023-21716

#	POC Description	Source Link	Shenlong Link
1	None	https://github.com/FeatherStark/CVE-2023-21716	POC Details
2	RTF Crash POC Python 3.11 Windows 10	https://github.com/Xnuvers007/CVE-2023-21716	POC Details
3	A vulnerability within Microsoft Office's wwlib allows attackers to achieve remote code execution with the privileges of the victim that opens a malicious RTF document. The attacker could deliver this file as an email attachment (or other means).	https://github.com/gyaansastra/CVE-2023-21716	POC Details
4	Results of retrohunt for files matching YARA rules from https://github.com/AmgdGocha/Detection-Rules/blob/main/CVE-2023-21716.yar	https://github.com/mikesxrs/CVE-2023-21716_YARA_Results	POC Details
5	Microsoft Word 远程代码执行漏洞	https://github.com/CKevens/CVE-2023-21716-POC	POC Details
6	test of exploit for CVE-2023-21716	https://github.com/hv0l/CVE-2023-21716_exploit	POC Details
7	POC : CVE-2023-21716 Microsoft Word RTF Font Table Heap Corruption	https://github.com/JMousqueton/CVE-2023-21716	POC Details
8	python program to exploit CVE-2023-21716	https://github.com/Lord-of-the-IoT/CVE-2023-21716	POC Details
9	This is an exploit file which is used to check CVE-2021-21716 vulnerability	https://github.com/MojithaR/CVE-2023-21716-EXPLOIT.py	POC Details
10	Microsoft Word 远程代码执行漏洞	https://github.com/3yujw7njai/CVE-2023-21716-POC	POC Details
11	POC CVE 2023-21716	https://github.com/n0s3ns33/poc-cve-2023-21716	POC Details
12	Proof Of Concept for CVE-2023-21716 Microsoft Word Heap Corruption	https://github.com/RonF98/CVE-2023-21716-POC	POC Details
13	Microsoft Word 远程代码执行漏洞	https://github.com/AiK1d/CVE-2023-21716-POC	POC Details
14	None	https://github.com/Threekiii/Awesome-POC/blob/master/%E5%85%B6%E4%BB%96%E6%BC%8F%E6%B4%9E/Microsoft%20Word%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2023-21716.md	POC Details
15	Microsoft Word 远程代码执行漏洞	https://github.com/P4x1s/CVE-2023-21716-POC	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-21716

请登录查看更多情报信息。

Same Patch Batch · Microsoft · 2023-02-14 · 78 CVEs total

CVE-2023-21689	9.8 CRITICAL	Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulner
CVE-2023-21690	9.8 CRITICAL	Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulner
CVE-2023-21692	9.8 CRITICAL	Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulner
CVE-2023-21803	9.8 CRITICAL	Windows iSCSI Discovery Service Remote Code Execution Vulnerability
CVE-2023-21685	8.8 HIGH	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-21684	8.8 HIGH	Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-21706	8.8 HIGH	Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-21705	8.8 HIGH	Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2023-21707	8.8 HIGH	Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-21717	8.8 HIGH	Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVE-2023-21529	8.8 HIGH	Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-21713	8.8 HIGH	Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2023-21798	8.8 HIGH	Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2023-21799	8.8 HIGH	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-21686	8.8 HIGH	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-21797	8.8 HIGH	Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2023-21777	8.7 HIGH	Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability
CVE-2023-23374	8.3 HIGH	Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2023-21806	8.2 HIGH	Power BI Report Server Spoofing Vulnerability
CVE-2023-21778	8.0 HIGH	Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability

Showing top 20 of 78 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Microsoft Office LTSC for Mac 2021

Same vendor: Microsoft

Same weakness: CWE-190

V. Comments for CVE-2023-21716

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-21716— Microsoft Word Remote Code Execution Vulnerability

I. Basic Information for CVE-2023-21716

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2023-21716

III. Intelligence Information for CVE-2023-21716

Same Patch Batch · Microsoft · 2023-02-14 · 78 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-21716

Leave a comment