CVE-2017-0243

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Office 2007 Sp2 And Sp3, Microsoft Office 2010 Sp2, Microsoft Office Web Apps 2010 Sp2, And Microsoft Business Productivity Servers 2010 Sp2.
Vendor
CVE Published:
11 July 2017

Summary

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8570.

Affected Version(s)

Microsoft Office 2007 SP2 and SP3, Microsoft Office 2010 SP2, Microsoft Office Web Apps 2010 SP2, and Microsoft Business Productivity Servers 2010 SP2. Microsoft Office

References

http://www.securitytracker.com/id/1038851
vdb-entryx_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-us/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99446
vdb-entryx_refsource_BID

EPSS Score

83% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.