CVE-2017-0197

CWE-20Improper Input Validation6 documents5 sources
Severity
7.8HIGH
EPSS
27.8%
top 3.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Corporation OfficeMicrosoft Onenote
Timeline
PublishedApr 12
Latest updateMay 17

Description

Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDmicrosoft/onenote2007, 2010+1
CVEListV5microsoft_corporation/officeOneNote 2007 SP3 and Microsoft OneNote 2010 SP2

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-gcvm-v83h-fhq2: Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Offi2022-05-17
CVEList
CVE-2017-0197: Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Offi2017-04-12

📋Vendor Advisories

1
Microsoft
Microsoft OneNote Remote Code Execution Vulnerability2017-04-11
CVE-2017-0197 (HIGH CVSS 7.8) | Microsoft OneNote 2007 SP3 and Micr | cvebase.io