9.3

CVE-2017-8742

A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8743.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftOffice Compatibility Pack Version- Updatesp3
MicrosoftOffice Web Apps Version2010 Updatesp2
MicrosoftOffice Web Apps Server Version2013 Updatesp1
MicrosoftPowerpoint Version2007 Updatesp3
MicrosoftPowerpoint Version2010 Updatesp2
MicrosoftPowerpoint Version2013 Updatesp1
MicrosoftPowerpoint Version2013 Updatesp1 SwEditionrt
MicrosoftPowerpoint Version2016
MicrosoftPowerpoint Viewer Version2010
MicrosoftSharepoint Server Version2016
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 27.72% 0.96
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/100741
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039323
Third Party Advisory
VDB Entry