9.3

CVE-2017-8501

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftExcel Version2007 Updatesp3
MicrosoftExcel Version2010 Updatesp2
MicrosoftExcel Version2013 Updatesp1
MicrosoftExcel Version2013 Updatesp1 SwEditionrt
MicrosoftExcel Version2016
MicrosoftExcel Viewer Version2007 Updatesp3
MicrosoftOffice Version2011 Editionmac
MicrosoftOffice Version2016 Editionmac
MicrosoftOffice Compatibility Pack Version- Updatesp3
MicrosoftSharepoint Server Version2010 Updatesp2
MicrosoftSharepoint Server Version2013
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 29.77% 0.962
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securitytracker.com/id/1038851
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/99441
Third Party Advisory
VDB Entry