cbcvebase.
CVE-2017-8631
published 2017-09-13

CVE-2017-8631: A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013…

high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744.

Affected

25 ranges
VendorProductVersion rangeFixed in
microsoftexcel
microsoftexcel
microsoftexcel
microsoftexcel
microsoftexcel_for_mac
microsoftexcel_for_mac
microsoftexcel_viewer
microsoftexcel_web_app
microsoftoffice
microsoftoffice_web_apps
microsoft_corporationmicrosoft_office
msrcexcel_services_on_microsoft_sharepoint_server_2007_service_pack_3
msrcexcel_services_on_microsoft_sharepoint_server_2010_service_pack_2
msrcmicrosoft_excel_2007_service_pack_3
msrcmicrosoft_excel_2010_service_pack_2
msrcmicrosoft_excel_2013_rt_service_pack_1
msrcmicrosoft_excel_2013_service_pack_1
msrcmicrosoft_excel_2016
msrcmicrosoft_excel_2016_for_mac
msrcmicrosoft_excel_for_mac_2011
msrcmicrosoft_excel_viewer_2007_service_pack_3
msrcmicrosoft_excel_web_app_2013_service_pack_1
msrcmicrosoft_office_compatibility_pack_service_pack_3
msrcmicrosoft_office_web_apps_2013_service_pack_1
msrcoffice_online_server

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H