Threat Advisory

Exploit Publicly Available for MS Word Remote Code Execution Flaw

March 10, 2023 | By Accorian

CVE-2023-21716, a heap corruption vulnerability that Microsoft patched as part of its February 2023 Patch Tuesday cycle, now has a publicly accessible exploit. The vulnerability holds a CVSS score of 9.8 and can allow attackers to execute code remotely without needing any authentication. The flaw impacts several MS Office and SharePoint versions, as well as Microsoft 365 Apps for Enterprise.

The vulnerability exists in Microsoft Word’s RTF parser and is a heap corruption issue. If it is successfully exploited, attackers can remotely execute code with the same level of privileges as the victim. The flaw does not require prior authentication; attackers can simply send a decoy RTF file to the victim(s) via email. ‘Protected View’, a feature of Microsoft Office 2010 and later, helps to reduce the impact that a malicious document from an untrusted source might cause. Because the vulnerability is still present when ‘Protected View’ is in use, exploiting it in that mode would require an additional sandbox escape vulnerability to gain full privileges.

Microsoft has released fixes for CVE-2023-21716, and organizations are strongly advised to patch right away because the Proof of Concept is now widely available. Microsoft has also issued temporary workarounds for CVE-2023-21716.
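
The delivery path described above is an RTF file arriving by email. The following Python code is an added example, not part of the original advisory: it shows how a mail triage step can identify RTF attachments by their content signature rather than by file name, because a file's name and declared type do not have to match what it contains. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

RTF_SIGNATURE = b"{\\rtf"      # opening bytes of an RTF document
RTF_EXTENSIONS = (".rtf",)


def find_rtf_attachments(raw_message: bytes) -> list:
    """Return one finding per message part whose decoded content is RTF."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # container only; its children are visited by walk()
        data = part.get_payload(decode=True) or b""
        # Tolerate a UTF-8 BOM and leading whitespace before the signature.
        head = data[:64].lstrip(b"\xef\xbb\xbf \t\r\n")
        if not head.startswith(RTF_SIGNATURE):
            continue
        name = part.get_filename() or "(unnamed)"
        findings.append({
            "filename": name,
            "declared_type": part.get_content_type(),
            # True when the name hides that the content is RTF.
            "disguised": not name.lower().endswith(RTF_EXTENSIONS),
        })
    return findings


def build_sample() -> bytes:
    """Constructed sample message with harmless attachments (assumption)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    rtf = b"{\\rtf1\\ansi Hello}"
    msg.add_attachment(rtf, maintype="application", subtype="msword",
                       filename="invoice.doc")
    msg.add_attachment(rtf, maintype="application", subtype="rtf",
                       filename="notes.rtf")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application", subtype="pdf",
                       filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in find_rtf_attachments(build_sample()):
        print(finding)
```

Findings marked `disguised` are RTF content under a different extension; they are candidates for quarantine or closer inspection until the patch is deployed.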


Threat Advisory Team 

