CVE-2023-21734: 
vulnerability analysis and mitigation

Microsoft Office Remote Code Execution Vulnerability (CVE-2023-21734) was disclosed on January 10, 2023. This vulnerability affects multiple Microsoft products including Microsoft 365 Apps for Enterprise, Microsoft Office 2019 for Mac, and Microsoft Office LTSC for Mac 2021 (MSRC, NVD). The vulnerability is unique from CVE-2023-21735.

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates a local attack vector, low attack complexity, no privileges required, and user interaction is required. The vulnerability has been classified as CWE-416 (Use After Free) (AttackerKB).

If successfully exploited, this vulnerability could lead to high impacts on confidentiality, integrity, and availability of the affected systems. The high CVSS score of 7.8 indicates significant potential impact on the affected systems (NVD).

Microsoft has released security updates to address this vulnerability. Users are advised to update their Microsoft Office installations to the latest versions. For Microsoft 365 Apps for Enterprise, updates are available through https://aka.ms/OfficeSecurityReleases. For Mac users, version 16.69.23010700 addresses this vulnerability for both Office 2019 and LTSC 2021 (MSRC).