9.3

CVE-2017-8570

Warnung
Exploit
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftOffice Version2007 Updatesp3
MicrosoftOffice Version2010 Updatesp2
MicrosoftOffice Version2013 Updatesp1
MicrosoftOffice Version2013 Updatesp1 SwEditionrt
MicrosoftOffice Version2016 HwPlatformx64
MicrosoftOffice Version2016 HwPlatformx86

25.02.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Office Remote Code Execution Vulnerability

Schwachstelle

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 89.89% 0.998
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.securityfocus.com/bid/99445
Third Party Advisory
Broken Link
VDB Entry
https://github.com/ParsingTeam/ppsx-file-generator
Third Party Advisory
Exploit
https://github.com/rxwx/CVE-2017-8570
Third Party Advisory
https://github.com/tezukanice/Office8570
Third Party Advisory
Exploit
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8570
Patch
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-8570
US Government Resource