CVE-2017-0261
CVE-2017-0261
In short
Microsoft Office versions 2010, 2013, and 2016 have a memory handling flaw that allows attackers to run malicious code on a victim's computer by tricking them into opening a crafted document.
Technical detail
Use-after-free vulnerability (CWE-416) in Office object memory management allows remote code execution via specially crafted Office documents. Attack requires user interaction (document opening); successful exploitation grants arbitrary code execution with user privileges.
Summary generated and translated by AI from the official description.
Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Microsoft Corporation · Microsoft Officepublic PoCs found — 2
githubgithub.com/kcufId/eps-CVE-2017-0261★ 10githubgithub.com/erfze/CVE-2017-0261★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →