Remote Code Execution Vulnerability in Microsoft PowerPoint
CVE-2017-8513

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Powerpoint
Vendor: CVE Published:; 15 June 2017

Summary

There exists a security vulnerability in Microsoft PowerPoint that enables attackers to execute arbitrary code by manipulating objects in memory. This flaw occurs when PowerPoint improperly processes crafted content, potentially allowing a malicious actor to control a victim's system. Users opening a malicious PowerPoint file may expose their systems to exploitation, emphasizing the importance of applying security updates promptly.

Affected Version(s)

Microsoft PowerPoint Microsoft PowerPoint 2007 Service Pack 3 and Microsoft SharePoint Server 2007 Service Pack 3.

References

http://www.securityfocus.com/bid/98830

vdb-entryx_refsource_BID

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 15, 2017
Vulnerability Reserved
May 3, 2017