MS.WordPad.CVE-2023-36563.Information.Disclosure
Description
This indicates an attack attempt to exploit an Information Disclosure Vulnerability in Microsoft WordPad.
The vulnerability is due to an error when the vulnerable software handles a maliciously crafted RTF file. Successful exploitation could result in the disclosure of information which may be used to compromise the target system.
Affected Products
Microsoft Windows version 10 1809 prior to KB5031361.
Microsoft Windows version 10 21h2 prior to KB5031356.
Microsoft Windows version 10 22h2 prior to KB5031356.
Microsoft Windows version 11 21h2 prior to KB5031358.
Microsoft Windows version 11 22h2 prior to KB5031354.
Microsoft Windows Server 2016 prior to KB5031362.
Microsoft Windows Server 2019 prior to KB5031361.
Microsoft Windows Server 2022 prior to KB5031364.
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36563
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |