CVE-2023-36884

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 3, 2026 17 articles

EPSS Score

Source: FIRST.org · 2026-05-24
93.0%
probability
This CVE has a 93.0% probability of being exploited in the next 30 days.
Top 99.8th percentile of all CVEs
CVSS score unavailable
Neither CIRCL nor NVD returned a CVSS score for this CVE.

Description

Project Zero
Office and Windows HTML Remote Code Execution

Attack Intelligence

Google Project Zero

Discovered
July 5, 2023
Patched
Aug. 8, 2023
Reported by
Vlad Stolyarov, Clement Lecigne and Bahare Sabouri of Google’s Threat Analysis Group (TAG), Paul Rascagneres & Tom Lancaster with Volexity, Microsoft Office Product Group Security Team
Root Cause Analysis
???

Exploits & PoC

jakabakos/CVE-2023-36884-MS-Office-HTML-RCE

MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit

41
Maxwitat/CVE-2023-36884-Scripts-for-Intune-Remediation-SCCM-Compliance-Baseline

The remediation script should set the reg entries described in https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884 . The detection sc

27
tarraschk/CVE-2023-36884-Checker

Script to check for CVE-2023-36884 hardening

15
ridsoliveira/Fix-CVE-2023-36884

PoC CVE-2023-36884 — ridsoliveira/Fix-CVE-2023-36884

2
4 repos, sorted by ⭐
Security Advisory 2023-045
CERT-EU Jul 12, 2023

Signal Intelligence

Confidence
85%
EPSS 93.0%
Mentions 17
Last Seen May 27, 2026

CNA Information

Analyst Note

CVE-2023-36884 is a confirmed Windows Search RCE vulnerability with HIGH severity (CVSS 7.5) that received official attention from CERT-EU and CERT-FR during July 2023 Patch Tuesday, and has been publicly exploited by RomCom hackers as documented in credible security reporting. The presence of multiple official security advisories and active exploitation evidence strongly validates the confirmed status despite not yet being listed in CISA KEV.

Threat Actors 55

MuddyWater
apt_group Information theft and espionage 🇮🇷 IR
Lazarus Group
apt_group Information theft and espionage 🇰🇵 KP
Turla Group
apt_group Information theft and espionage Russian Federation
APT 29
apt_group Information theft and espionage 🇷🇺 RU
DarkHotel
apt_group Information theft and espionage 🇰🇷 KR
Cobalt
apt_group Financial crime 🇷🇺 RU
APT37
apt_group Information theft and espionage 🇰🇵 KP
FIN7
apt_group Financial crime 🇷🇺 RU
APT32
apt_group Information theft and espionage 🇻🇳 VN
Kimsuky
apt_group Information theft and espionage 🇰🇷 KR
CHRYSENE
apt_group Information theft and espionage 🇮🇷 IR
Careto
apt_group Information theft and espionage 🇪🇸 ES
Leviathan
apt_group Information theft and espionage 🇨🇳 CN
BelialDemon
apt_group 🇷🇺 RU
Energetic Bear
apt_group Information theft and espionage 🇷🇺 RU
Nitro
apt_group Information theft and espionage 🇨🇳 CN
MAGNALLIUM
apt_group Sabotage and destruction 🇮🇷 IR
Ice Fog
apt_group Information theft and espionage 🇨🇳 CN
DNSpionage
apt_group Information theft and espionage 🇮🇷 IR
Kinsing
apt_group 🇷🇺 RU
HAZY TIGER
apt_group Information theft and espionage 🇮🇳 IN
ELECTRUM
apt_group Information theft and espionage 🇷🇺 RU
Infy
apt_group Information theft and espionage 🇮🇷 IR
Naikon
apt_group Information theft and espionage 🇨🇳 CN
TA570
apt_group 🇷🇺 RU
Wekby
apt_group Information theft and espionage 🇨🇳 CN
Evilnum
apt_group Information theft and espionage
TeamTNT
apt_group 🇩🇪 DE
ProjectSauron
apt_group Information theft and espionage 🇺🇸 US
Predatory Sparrow
apt_group Sabotage and destruction 🇮🇱 IL
PROMETHIUM
apt_group Information theft and espionage 🇹🇷 TR
TA428
apt_group Information theft and espionage 🇨🇳 CN
Silence group
apt_group Financial crime 🇷🇺 RU
Callisto
apt_group Information theft and espionage 🇷🇺 RU
Pirate Panda
apt_group Information theft and espionage 🇨🇳 CN
GhostNet
apt_group Information theft and espionage 🇨🇳 CN
RAZOR TIGER
apt_group Information theft and espionage 🇮🇳 IN
RomCom
apt_group Financial gain 🇷🇺 RU
Putter Panda
apt_group Information theft and espionage 🇨🇳 CN
NetTraveler
apt_group Information theft and espionage 🇨🇳 CN
El Machete
apt_group Information theft and espionage 🇻🇪 VE
TeamXRat
apt_group 🇧🇷 BR
IXESHE
apt_group Information theft and espionage 🇨🇳 CN
Anchor Panda
apt_group Information theft and espionage 🇨🇳 CN
GCMAN
apt_group Financial crime 🇷🇺 RU
PowerPool
apt_group Information theft and espionage 🇷🇺 RU
Blue Termite
apt_group Information theft and espionage 🇨🇳 CN
Blackgear
apt_group Information theft and espionage 🇨🇳 CN
GC01
apt_group Financial gain 🇨🇦 CA
Rocke
apt_group 🇨🇳 CN
Void Rabisu
apt_group Financial gain 🇷🇺 RU
RedAlpha
apt_group Information theft and espionage 🇨🇳 CN
Storm-0324
apt_group
Scarab
apt_group Information theft and espionage 🇨🇳 CN
ZooPark
apt_group Information theft and espionage 🇮🇷 IR

Triage Info

Decided at Mar 03, 2026