CVE-2017-0197
published 2017-04-12CVE-2017-0197: Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL…
PriorityP349high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
19.07%
97.0th percentile
Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | onenote | — | — |
| microsoft | onenote | — | — |
| microsoft_corporation | office | — | — |
| msrc | microsoft_onenote_2007_service_pack_3 | — | — |
| msrc | microsoft_onenote_2010_service_pack_2 | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Microsoft OneNote Remote Code Execution Vulnerability
vendor_msrc·2017-04-11·CVSS 7.8
CVE-2017-0197 [HIGH] Microsoft OneNote Remote Code Execution Vulnerability
Microsoft OneNote Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Microsoft OneNote improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
To exploit the vulnerability, an attacker must first convince a user to open a specially crafted OneNote document.
The updates address the vulnerability by correcting how OneNote validates input before loading DLL fi
GHSA
GHSA-gcvm-v83h-fhq2: Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Offi
ghsa_unreviewed·2022-05-17
CVE-2017-0197 [HIGH] CWE-20 GHSA-gcvm-v83h-fhq2: Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Offi
Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - April 2017
blogs_talos·2017-04-12·CVSS 7.8
CVE-2017-0106 [HIGH] Microsoft Patch Tuesday - April 2017
## Microsoft Patch Tuesday - April 2017
It’s that time again! Today we bring you April’s Microsoft Patch Tuesday information. These fixed vulnerabilities affect Outlook, Edge, Internet Explorer, Hyper-V, .NET, and Scripting Engine.
## Bulletins Rated Critical
CVE-2017-0106 outlines a vulnerability in Microsoft Word. It permits the bypass of security features when document loading is done via Outlook attachments for certain crafted emails. Successful exploitation of this issue may grant an attacker remote code execution.
CVE-2017-0158 details a vulnerability caused by certain malicious HTML files with VBScript content. Successful exploitation of this issue may grant an attacker remote code execution.
CVE-2017-0160 outlines a compromised WMI server accessed over DCOM using System.Manage
Talos
Microsoft Patch Tuesday - April 2017
blogs_talos·2017-04-12·CVSS 7.8
CVE-2017-0106 [HIGH] Microsoft Patch Tuesday - April 2017
It’s that time again! Today we bring you April’s Microsoft Patch Tuesday information. These fixed vulnerabilities affect Outlook, Edge, Internet Explorer, Hyper-V, .NET, and Scripting Engine.
### Bulletins Rated Critical
CVE-2017-0106 outlines a vulnerability in Microsoft Word. It permits the bypass of
security features when document loading is done via Outlook attachments for
certain crafted emails. Successful exploitation of this issue may grant an
attacker remote code execution.
CVE-2017-0158 details a vulnerability caused by certain malicious HTML files with VBScript content. Successful exploitation of this issue may grant an attacker remote code execution.
CVE-2017-0160 outlines a compromised WMI server accessed over DCOM using System.Management classes or the Powershell Get-WmiOb
http://www.securityfocus.com/bid/97411http://www.securitytracker.com/id/1038241https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197https://twitter.com/buffaloverflow/status/852937040480149505http://www.securityfocus.com/bid/97411http://www.securitytracker.com/id/1038241https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197https://twitter.com/buffaloverflow/status/852937040480149505
2017-04-12
Published