CVE-2023-36884 · CISA KEV: Actively Exploited

Microsoft Windows Search Remote Code Execution Vulnerability

Published Jul 17, 2023 · Updated Jul 17, 2023

Description

Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code execution.

Public Exploits & PoCs (8 found)

PoC: CVE-2023-36884-MS-Office-HTML-RCE

MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit

PoC: CVE-2023-36884

#comeonits2023 #ie9 #Storm-0978

PoC: CVE-2023-36884

PowerShell Script for initial mitigation of vulnerability

PoC: CVE-2023-36884_patcher

CVE-2023-36884 temporary patch

PoC: CVE-2023-36884-Checker

Script to check for CVE-2023-36884 hardening

PoC: CVE-2023-36884

This is an emergency solution while Microsoft addresses the vulnerability.

PoC: Storm0978-RomCom-Campaign

Recent Campaign abusing CVE-2023-36884

PoC: CVE-2023-36884-Scripts-for-Intune-Remediation-SCCM-Compliance-Baseline

The remediation script should set the reg entries described in https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884 . The detection script checks if they exist. Provided AS-IS without any warranty.
