CVE-2017-8631

4 documents4 sources
Severity
7.8HIGH
EPSS
21.4%
top 4.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Microsoft Corporation Microsoft OfficeMicrosoft ExcelMicrosoft Excel Viewer+2 more
Timeline
PublishedSep 13
Latest updateMay 13

Description

A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka "Microso

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

NVDmicrosoft/excel4 versions+3
CVEListV5microsoft_corporation/microsoft_officeExcel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-69qj-9564-354m: A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Ex2022-05-13
CVEList
CVE-2017-8631: A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Ex2017-09-13

📋Vendor Advisories

1
Microsoft
Microsoft Office Remote Code Execution Vulnerability2017-09-12
CVE-2017-8631 (HIGH CVSS 7.8) | A remote code execution vulnerabili | cvebase.io