CVE-2017-0199
In short
Microsoft Office and WordPad have a vulnerability that allows attackers to execute malicious code on your computer by sending you a specially crafted document. If you open the document, the attacker gains control of your system.
Technical detail
Remote code execution vulnerability in Microsoft Office 2007-2016 and WordPad affecting Windows Vista through Windows 8.1, exploitable through crafted documents that abuse Windows API functionality. Attack vector is network-based via document delivery; requires user interaction (opening the file); results in arbitrary code execution with user privileges.
Summary generated and translated by AI from the official description.
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Microsoft Corporation · Office/WordPad
public PoCs found — 31
github · github.com/bhdresh/CVE-2017-0199 · ★ 724
github · github.com/haibara3839/CVE-2017-0199-master · ★ 16
github · github.com/NotAwful/CVE-2017-0199-Fix · ★ 13
github · github.com/SyFi/cve-2017-0199 · ★ 12
github · github.com/Exploit-install/CVE-2017-0199 · ★ 7
github · github.com/jacobsoo/RTF-Cleaner · ★ 3
github · github.com/mzakyz666/PoC-CVE-2017-0199 · ★ 2
github · github.com/Sunqiz/CVE-2017-0199-reprofuction · ★ 2
github · github.com/n1shant-sinha/CVE-2017-0199 · ★ 2
github · github.com/kn0wm4d/htattack · ★ 2
github · github.com/nicpenning/RTF-Cleaner · ★ 2
github · github.com/herbiezimmerman/2017-11-17-Maldoc-Using-CVE-2017-0199 · ★ 2
github · github.com/ahmed-tarek22752/RCE-CVE-2017-0199-detection-analysis · ★ 1
github · github.com/Phantomlancer123/CVE-2017-0199 · ★ 1
github · github.com/TheCyberWatchers/CVE-2017-0199-v5.0 · ★ 0
github · github.com/BlackOclock/XLS-to-DBatLoader-or-GuLoader-for-AgentTesla-variant · ★ 0
github · github.com/ryhanson/CVE-2017-0199 · ★ 0
github · github.com/joke998/Cve-2017-0199 · ★ 0
github · github.com/joke998/Cve-2017-0199- · ★ 0
github · github.com/sUbc0ol/Microsoft-Word-CVE-2017-0199- · ★ 0
github · github.com/viethdgit/CVE-2017-0199 · ★ 0
github · github.com/likekabin/CVE-2017-0199 · ★ 0
github · github.com/stealth-ronin/CVE-2017-0199-PY-KIT · ★ 0
github · github.com/BRAINIAC22/CVE-2017-0199 · ★ 0
github · github.com/kash-123/CVE-2017-0199 · ★ 0
exploitdb · www.exploit-db.com/exploits/41894 · unverified
cve_reference · www.exploit-db.com/exploits/41934/ · unverified
cve_reference · www.exploit-db.com/exploits/42995/ · unverified
exploitdb · www.exploit-db.com/exploits/42995 · unverified
exploitdb · www.exploit-db.com/exploits/41934 · unverified
cve_reference · www.exploit-db.com/exploits/41894/ · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://rewtin.blogspot.nl/2017/04/cve-2017-0199-practical-exploitation-poc.html
https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0199
https://www.exploit-db.com/exploits/41894/
https://www.exploit-db.com/exploits/41934/
https://www.exploit-db.com/exploits/42995/
https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html
https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/
http://www.securityfocus.com/bid/97498
http://www.securitytracker.com/id/1038224