9.3

CVE-2017-8570

Warning
Exploit

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftOffice Version2007 Updatesp3
MicrosoftOffice Version2010 Updatesp2
MicrosoftOffice Version2013 Updatesp1
MicrosoftOffice Version2013 Updatesp1 SwEditionrt
MicrosoftOffice Version2016 HwPlatformx64
MicrosoftOffice Version2016 HwPlatformx86

25.02.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Office Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 94.25% 0.999
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
http://www.securityfocus.com/bid/99445
Third Party Advisory
Broken Link
VDB Entry
https://github.com/tezukanice/Office8570
Third Party Advisory
Exploit