CVE-2023-29344: 
vulnerability analysis and mitigation

Microsoft Office Remote Code Execution Vulnerability (CVE-2023-29344) is a security flaw affecting various Microsoft Office products including Microsoft 365 Apps Enterprise, Office 2019 for macOS, and Office LTSC 2021 for macOS. The vulnerability was initially disclosed on April 4, 2023, and received updates through November 2023 (NVD).

The vulnerability is classified as a Heap-based Buffer Overflow (CWE-122) with a CVSS v3.1 base score of 7.8 (HIGH). The attack vector is Local (AV:L) with Low attack complexity (AC:L), requiring no privileges (PR:N) but user interaction (UI:R). The scope is Unchanged (S:U) with High impact on confidentiality, integrity, and availability (C:H/I:H/A:H) (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code with the same privileges as the compromised user, potentially leading to complete system compromise with high impacts on confidentiality, integrity, and availability of the affected system (NVD).

Microsoft has released security updates to address this vulnerability. Users are advised to update to the latest version of affected Microsoft Office products. For Office for Mac, version 16.73.0 and later contains the fix (Rapid7).