cbcvebase.
CVE-2017-0053
published 2017-03-17

CVE-2017-0053: Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow…

PriorityP348high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
16.74%
96.6th percentile
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052.

Affected

22 ranges
VendorProductVersion rangeFixed in
microsoftexcel
microsoftexcel
microsoftexcel
microsoftexcel
microsoftoffice
microsoftoffice_web_apps
microsoftoffice_web_apps
microsoftsharepoint_server
microsoftsharepoint_server
microsoftword
microsoftword
microsoftword
microsoftword
microsoft_corporationoffice
msrcmicrosoft_office_2010_service_pack_2
msrcmicrosoft_office_compatibility_pack_service_pack_3
msrcmicrosoft_office_word_viewer
msrcmicrosoft_word_2007_service_pack_3
msrcmicrosoft_word_2010_service_pack_2
msrcmicrosoft_word_2013_rt_service_pack_1
msrcmicrosoft_word_2013_service_pack_1
msrcmicrosoft_word_2016

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.8HIGH
vendor_redhat6.4MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.