CVE-2017-0194

CWE-200Information Exposure4 documents4 sources
Severity
5.5MEDIUM
EPSS
44.2%
top 2.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Corporation OfficeMicrosoft Excel
Timeline
PublishedApr 12
Latest updateMay 17

Description

Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5microsoft_corporation/officeExcel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2
NVDmicrosoft/excel2007, 2010+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-h6qg-53mg-343v: Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from proc2022-05-17
CVEList
CVE-2017-0194: Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from proc2017-04-12

📋Vendor Advisories

1
Microsoft
Microsoft Excel Information Disclosure Vulnerability2017-04-11
CVE-2017-0194 (MEDIUM CVSS 5.5) | Microsoft Excel 2007 SP3 | cvebase.io