CVE-2017-8630 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Microsoft Office

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer14 documents5 sources

Severity

7.8HIGHNVD

EPSS

22.8%

top 4.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Office Microsoft Excel Microsoft Excel FOR MAC +4 more

Timeline

PublishedSep 13

Latest updateMay 17

Description

Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

▶NVDmicrosoft/office4 versions+3

▶NVDmicrosoft/office_web_apps2013

▶CVEListV5microsoft_corporation/microsoft_office4 versions+3

▶NVDmicrosoft/excel5 versions+4

▶NVDmicrosoft/excel_viewer2007

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-4r2h-p7qv-cxcx: Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Microsoft Office Memory Co↗2022-05-17

▶

GHSA

GHSA-27j6-vgrr-h838: A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Serv↗2022-05-17

▶

GHSA

GHSA-7fpc-7483-wqph: A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Ex↗2022-05-14

▶

GHSA

GHSA-69qj-9564-354m: A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Ex↗2022-05-13

▶

CVEList

CVE-2017-8632: A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Serv↗2017-09-13

▶

📋Vendor Advisories

Microsoft

Microsoft Office Remote Code Execution Vulnerability↗2017-09-12

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - September 2017↗2017-09-12

▶

External resources

NVD MITRE

Affected products7

Microsoft Corporation Microsoft OfficevExcel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online ServervMicrosoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016vMicrosoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3+1 more

Microsoft Excelv2007v2010v2013+1 more

Microsoft Excel FOR MACv2011v2016

Microsoft Excel Viewerv2007

Microsoft Excel WEB APPv2013

Microsoft Officev2007v2010v2013+1 more

Microsoft Office WEB Appsv2013

Disclosure

PublishedSep 13, 2017

Latest updateMay 17, 2022