Remote Code Execution Vulnerability in Microsoft Office
CVE-2017-0243
7.8HIGH
Key Information:
- Vendor
- Microsoft
- Vendor
- CVE Published:
- 11 July 2017
Summary
A remote code execution vulnerability exists in Microsoft Office that arises from incorrect handling of objects in memory. An attacker who successfully exploits this vulnerability could execute arbitrary code in the context of the current user. This could allow for unauthorized access to sensitive information and system functionalities. Users are urged to apply security updates provided by Microsoft to mitigate the risks associated with this critical security flaw.
Affected Version(s)
Microsoft Office 2007 SP2 and SP3, Microsoft Office 2010 SP2, Microsoft Office Web Apps 2010 SP2, and Microsoft Business Productivity Servers 2010 SP2. Microsoft Office
References
EPSS Score
83% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved