CVE-2017-0031
Severity
7.8HIGH
EPSS
21.9%
top 4.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 17
Latest updateMay 17
Description
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0052, and CVE-2017-0053.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages3 packages
▶CVEListV5microsoft_corporation/officeOffice 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-4f5j-ff9g-x3f2: Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a↗2022-05-17
CVEList▶
CVE-2017-0031: Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a↗2017-03-17