virus logo Intrusion Prevention

MS.WordPad.CVE-2023-36563.Information.Disclosure

description-logoDescription

This indicates an attack attempt to exploit an Information Disclosure Vulnerability in Microsoft WordPad.
The vulnerability is due to an error when the vulnerable software handles a maliciously crafted RTF file. Successful exploitation could result in the disclosure of information which may be used to compromise the target system.

affected-products-logoAffected Products

Microsoft Windows version 10 1809 prior to KB5031361.
Microsoft Windows version 10 21h2 prior to KB5031356.
Microsoft Windows version 10 22h2 prior to KB5031356.
Microsoft Windows version 11 21h2 prior to KB5031358.
Microsoft Windows version 11 22h2 prior to KB5031354.
Microsoft Windows Server 2016 prior to KB5031362.
Microsoft Windows Server 2019 prior to KB5031361.
Microsoft Windows Server 2022 prior to KB5031364.

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36563

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2024-04-11 27.765 Default_action:pass:drop
2024-04-02 27.759
ID 55238
Created Mar 25, 2024
Updated Apr 02, 2024
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2023-36563
Known Exploited Yes
Exploit Prediction Score 0.19%
Default Action drop
Active
Affected OS Windows
Affected App Other