CVE-2017-0262

CVSS 7.8 HIGHEPSS 80.7%● KEV

In short

Microsoft Office versions 2010, 2013, and 2016 have a vulnerability that allows attackers to run malicious code on your computer if you open a specially crafted Office document. This happens because the software doesn't safely manage data in memory.

Technical detail

A memory handling flaw in Microsoft Office 2010 SP2, 2013 SP1, and 2016 enables remote code execution when processing maliciously crafted Office documents. The attack vector requires user interaction (opening a document), and successful exploitation results in arbitrary code execution with the privileges of the affected user.

Summary generated and translated by AI from the official description.

Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Microsoft Corporation · Microsoft Office

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0262 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0262 http://www.securityfocus.com/bid/98279