CVE-2017-0003Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Sharepoint Enterprise Server

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources
Severity
7.8HIGHNVD
EPSS
33.6%
top 3.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Sharepoint Enterprise ServerMicrosoft Word
Timeline
PublishedJan 10
Latest updateMay 14

Description

Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDmicrosoft/word2016

🔴Vulnerability Details

2
GHSA
GHSA-7fw9-7v97-fp5r: Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Offi2022-05-14
CVEList
CVE-2017-0003: Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Offi2017-01-10

💥Exploits & PoCs

1
Exploit-DB
Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities2017-06-28

📋Vendor Advisories

1
Microsoft
Microsoft Office Memory Corruption Vulnerability2017-01-10

💬Community

2
Bugzilla
CVE-2017-12189 jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)2017-10-09
Bugzilla
CVE-2017-7561 resteasy: Vary header not added by CORS filter leading to cache poisoning2017-08-22
CVE-2017-0003 — Microsoft vulnerability | cvebase