Remote Code Execution Vulnerability in Microsoft Office and Windows Products
CVE-2017-0108

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Windows Graphics Component
Vendor
CVE Published:
17 March 2017

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 25%

Summary

The Windows Graphics Component within several Microsoft Office and Windows versions is vulnerable to remote code execution. Attackers can exploit this vulnerability by crafting specific web content that, when accessed by a user, can trigger execution of arbitrary code. This puts numerous Microsoft products including older versions of Office and Windows systems at risk of compromise, leading to potential data breaches and unauthorized access.

Affected Version(s)

Windows Graphics Component The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2017-0108
Created by homjxi0e

References

http://www.securityfocus.com/bid/96722
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038002
vdb-entryx_refsource_SECTRACK

EPSS Score

25% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-0108 : Remote Code Execution Vulnerability in Microsoft Office and Windows Products | SecurityVulnerability.io