Skip to main content

Teams CVE-2023-29330

HIGH
Use After Free (CWE-416)
2023-08-08 secure@microsoft.com
8.8
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from Vendor (microsoft) · only source for this CVE.

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 08, 2023 - 18:15 cve.org
HIGH 8.8

DescriptionCVE.org

Microsoft Teams Remote Code Execution Vulnerability

AnalysisAI

Microsoft Teams Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Technical ContextAI

This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. Affected products include: Microsoft Teams.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.

More in Teams

View all
CVE-2024-42004 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated criti

CVE-2024-41145 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.27

CVE-2024-41138 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work

CVE-2023-4863 HIGH POC
8.8 Sep 12

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to

CVE-2020-10146 MEDIUM POC
5.4 Dec 09

The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter tha

CVE-2026-42835 HIGH
8.1 Jun 09

Information disclosure in Microsoft Teams for Android allows an authenticated remote attacker to extract sensitive data

CVE-2023-29328 HIGH
8.8 Aug 08

Microsoft Teams Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely expl

CVE-2026-21535 HIGH
8.2 Feb 19

Microsoft Teams contains an access control vulnerability that enables unauthenticated remote attackers to extract sensit

CVE-2020-17091 HIGH
7.8 Nov 11

Microsoft Teams Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentica

CVE-2019-5922 HIGH
7.8 Mar 12

Untrusted search path vulnerability in The installer of Microsoft Teams allows an attacker to gain privileges via a Troj

CVE-2025-53783 HIGH
7.5 Aug 12

Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. Rated high

CVE-2025-49737 HIGH
7.0 Jul 08

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an

Share

CVE-2023-29330 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy