⚠ Actively exploited
Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-24. Required action: Apply updates per vendor instructions..

CVE-2017-0261Use After Free in Corporation Microsoft Office

CWE-416Use After Free23 documents10 sources
Severity
7.8HIGHNVD
EPSS
92.5%
top 0.26%
CISA KEV
KEV
Added 2022-03-03
Due 2022-03-24
Exploit
Exploited in wild
Active exploitation observed
Affected products
9
Microsoft Corporation Microsoft OfficeMicrosoft OfficeMicrosoft Office Online Server+6 more
Timeline
PublishedMay 12
KEV addedMar 3
KEV dueMar 24
Latest updateNov 1
CISA Required Action: Apply updates per vendor instructions.

Description

Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages9 packages

NVDmicrosoft/office4 versions+3
NVDmicrosoft/office_web_apps2010, 2013+1
CVEListV5microsoft_corporation/microsoft_officeMicrosoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016., Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016+1
NVDmicrosoft/word2016

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

7
GHSA
GHSA-gq33-m2fg-cpvh: Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP12022-05-13
GHSA
GHSA-vmqq-f768-gx47: Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle obj2022-05-13
GHSA
GHSA-vxg6-wq4c-3428: Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle obj2022-05-13
CVEList
CVE-2017-0261: Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle obj2017-05-12
CVEList
CVE-2017-0262: Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle obj2017-05-12

📋Vendor Advisories

2
CISA
Microsoft Office Use-After-Free Vulnerability2022-03-03
Microsoft
Microsoft Office Remote Code Execution Vulnerability2017-05-09

🕵️Threat Intelligence

11
Securelist
APT trends report Q3 20222022-11-01
Securelist
APT trends report Q3 20222022-11-01
Unit42
Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent2018-03-07
Unit42
Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent2018-03-07
Securelist
IT threat evolution Q2 2017. Statistics2017-08-15