CVE-2017-0243
published 2017-07-11CVE-2017-0243: Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution…
PriorityP347high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
21.47%
97.3th percentile
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8570.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | business_productivity_servers | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | web_applications | — | — |
| msrc | microsoft_business_productivity_servers_2010_service_pack_2 | — | — |
| msrc | microsoft_office_2007_service_pack_3 | — | — |
| msrc | microsoft_office_2010_service_pack_2 | — | — |
| msrc | microsoft_office_web_apps_2010_service_pack_2 | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Microsoft Office Remote Code Execution Vulnerability
vendor_msrc·2017-07-11·CVSS 7.8
CVE-2017-0243 [HIGH] Microsoft Office Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.
To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an
GHSA
GHSA-c2m8-mp3j-qvvc: Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Exec
ghsa_unreviewed·2022-05-17·CVSS 7.8
CVE-2017-0243 [HIGH] CWE-119 GHSA-c2m8-mp3j-qvvc: Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Exec
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8570.
GHSA
GHSA-p72w-9mwc-fgvp: Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Exec
ghsa_unreviewed·2022-05-13·CVSS 7.8
CVE-2017-8570 [HIGH] GHSA-p72w-9mwc-fgvp: Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Exec
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - July 2017
blogs_talos·2017-07-11·CVSS 7.8
CVE-2017-8463 [HIGH] Microsoft Patch Tuesday - July 2017
Today, Microsoft has release their monthly set of security updates designed to address vulnerabilities. This month's release addresses 54 vulnerabilities with 19 of them rated critical, 32 rated important, and 3 rated moderate. Impacted products include Edge, .NET Framework, Internet Explorer, Office, and Windows.
### Vulnerabilities Rated Critical
#### CVE-2017-8463
This is a remote code execution vulnerability related to the way that Windows Explorer handles executable files and shares during rename operations. If exploited this vulnerability could run arbitrary code, users not running as administrators would be less affected. This vulnerability can be triggered via a malicious share folder and malware named with an executable extension.
#### CVE-2017-8584 A remote code execution vul
Zscaler
Zscaler found Multiple Security Vulnerabilities | 07-11-2017
blogs_zscaler·CVSS 7.8
[HIGH] Zscaler found Multiple Security Vulnerabilities | 07-11-2017
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
http://www.securityfocus.com/bid/99446http://www.securitytracker.com/id/1038851https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0243http://www.securityfocus.com/bid/99446http://www.securitytracker.com/id/1038851https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0243
2017-07-11
Published