CVE-2017-0261

HIGH7.8

CISA KEVHigh EPSS

Description

Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Microsoft Corporation / Microsoft OfficeMicrosoft Office 2010 SP2, Office 2013 SP1, and Office 2016 – Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016

References

VENDOR_ADVISORYhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261
MISChttp://www.securityfocus.com/bid/98104
MISChttp://www.securitytracker.com/id/1038444