⚠ Actively exploited
Added to CISA KEV on 2022-02-25. Federal agencies required to patch by 2022-08-25. Required action: Apply updates per vendor instructions..
CVE-2017-8570 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Business Productivity Servers
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer61 documents17 sources
Severity
7.8HIGHNVD
EPSS
94.2%
top 0.07%
CISA KEV
KEV
Added 2022-02-25
Due 2022-08-25
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedJul 11
KEV addedFeb 25
KEV dueAug 25
Latest updateFeb 12
CISA Required Action: Apply updates per vendor instructions.
Description
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages8 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-c2m8-mp3j-qvvc: Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Exec↗2022-05-17
GHSA▶
GHSA-p72w-9mwc-fgvp: Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Exec↗2022-05-13