CVE-2017-8570
CVE-2017-8570
In short
Microsoft Office has a flaw in how it manages data in memory that allows attackers to run malicious code on your computer by sending you a specially crafted file. This is dangerous because it can give attackers complete control of your system.
Technical detail
A memory handling vulnerability in Microsoft Office enables remote code execution when processing specially crafted documents. The attack vector is user interaction (opening a malicious file), with no additional privileges required. Successful exploitation results in arbitrary code execution in the context of the affected Office application.
Summary generated and translated by AI from the official description.
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Microsoft Corporation · Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, and Microsoft Office 2016.public PoCs found — 8
githubgithub.com/rxwx/CVE-2017-8570★ 185githubgithub.com/temesgeny/ppsx-file-generator★ 66githubgithub.com/SwordSheath/CVE-2017-8570★ 5githubgithub.com/Drac0nids/CVE-2017-8570★ 2githubgithub.com/erfze/CVE-2017-8570★ 1githubgithub.com/MaxSecurity/Office-CVE-2017-8570★ 0githubgithub.com/sasqwatch/CVE-2017-8570★ 0exploitdbwww.exploit-db.com/exploits/44263unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/ParsingTeam/ppsx-file-generatorhttps://github.com/rxwx/CVE-2017-8570https://github.com/tezukanice/Office8570https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8570https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-8570http://www.securityfocus.com/bid/99445