CVE-2023-35311

Published: Jul 11, 2023Modified: Oct 28, 2025CISA KEV

7.5

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD (Secondary)

Description

Microsoft Outlook Security Feature Bypass Vulnerability

Affected (6)

Products: Microsoft: 365 Apps, Office, Office Long Term Servicing Channel, Outlook

4 products

Office Long Term Servicing Channel

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Microsoft 365 Apps	All versions
Microsoft Office	Version 2019
Microsoft Office Long Term Servicing Channel	Version 2021
Microsoft Outlook	Version 2013
Microsoft Outlook	Version 2013 sp1
Microsoft Outlook	Version 2016

Related CWEs

Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

References (3)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35311

Source: secure@microsoft.com

PatchVendor Advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35311

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35311

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.