⚠ Actively exploited

Added to CISA KEV on 2022-02-10. Federal agencies required to patch by 2022-08-10. Required action: Apply updates per vendor instructions..

CVE-2017-0262 — Use After Free in Corporation Microsoft Office

CWE-416 — Use After Free22 documents11 sources

Severity

7.8HIGHNVD

EPSS

64.3%

top 1.55%

CISA KEV

KEV

Added 2022-02-10

Due 2022-08-10

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Corporation Microsoft Office Microsoft Office Microsoft Office Online Server +10 more

Timeline

PublishedMay 12

KEV addedFeb 10

Latest updateJun 21

KEV dueAug 10

CISA Required Action: Apply updates per vendor instructions.

Description

Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages13 packages

▶msrcmsrc/microsoft_office_2016

▶msrcmsrc/microsoft_office_2010_service_pack_2

▶msrcmsrc/microsoft_office_2013_service_pack_1

▶msrcmsrc/microsoft_office_2013_rt_service_pack_1

▶NVDmicrosoft/office4 versions+3

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-gq33-m2fg-cpvh: Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1↗2022-05-13

▶

GHSA

GHSA-vmqq-f768-gx47: Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle obj↗2022-05-13

▶

GHSA

GHSA-vxg6-wq4c-3428: Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle obj↗2022-05-13

▶

VulnCheck

Microsoft Office Remote Code Execution Vulnerability↗2017

▶

📋Vendor Advisories

CISA

Microsoft Office Remote Code Execution Vulnerability↗2022-02-10

▶

Microsoft

Microsoft Office Remote Code Execution Vulnerability↗2017-05-09

▶

🕵️Threat Intelligence

Qualys

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys↗2022-02-23

▶

Tenable

Daisy Chaining: How Vulnerabilities Can Be Greater Than the Sum of Their Parts↗2021-01-21

▶

Securelist

A Slice of 2017 Sofacy Activity↗2018-02-20

▶

Securelist

A Slice of 2017 Sofacy Activity↗2018-02-20

▶

Securelist

IT threat evolution Q2 2017. Statistics↗2017-08-15

▶

📄Research Papers

arXiv

Identification of Attack Paths Using Kill Chain and Attack Graphs↗2022-06-21

▶

External resources

NVD MITRE CISA KEV

Affected products13

Microsoft Corporation Microsoft OfficevMicrosoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016.

Microsoft Officev2007v2010v2013+1 more

Microsoft Office Online Serverv2016

Microsoft Office WEB Appsv2010v2013

Microsoft Project Serverv2013

Microsoft Sharepoint Foundationv2013

Microsoft Sharepoint Serverv2010v2013v2016

Microsoft Skype FOR Businessv2016

Microsoft Wordv2016

Msrc Microsoft Office 2010 Service Pack 2

Disclosure

PublishedMay 12, 2017

KEV addedFeb 10, 2022

Latest updateJun 21, 2022

KEV dueAug 10, 2022