CVE-2017-0029

6 documents5 sources
Severity
5.5MEDIUM
EPSS
22.6%
top 4.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft Corporation OfficeMicrosoft OfficeMicrosoft Word
Timeline
PublishedMar 17
Latest updateMay 13

Description

Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDmicrosoft/word2010, 2013, 2016+2
CVEListV5microsoft_corporation/officeOffice 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-r7qm-wmhv-c7qf: Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a2022-05-13
CVEList
CVE-2017-0029: Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a2017-03-17

💥Exploits & PoCs

2
Exploit-DB
EasyCom For PHP 4.0.0 - Buffer Overflow (PoC)2017-02-22
Exploit-DB
EasyCom For PHP 4.0.0 - Denial of Service2017-02-22

📋Vendor Advisories

1
Microsoft
Microsoft Office Denial of Service Vulnerability2017-03-14
CVE-2017-0029 (MEDIUM CVSS 5.5) | Microsoft Office 2010 SP2 | cvebase.io