CVE-2017-8632

CWE-119 — Buffer Overflow5 documents5 sources

Severity

7.8HIGH

EPSS

19.0%

top 4.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Office Microsoft Excel Microsoft Excel FOR MAC +1 more

Timeline

PublishedSep 13

Latest updateMay 17

Description

A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, an…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDmicrosoft/excel4 versions+3

▶NVDmicrosoft/office_web_apps2013

▶CVEListV5microsoft_corporation/microsoft_officeMicrosoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-27j6-vgrr-h838: A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Serv↗2022-05-17

▶

OSV

linux vulnerabilities↗2017-10-31

▶

CVEList

CVE-2017-8632: A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Serv↗2017-09-13

▶

📋Vendor Advisories

Microsoft

Microsoft Office Remote Code Execution Vulnerability↗2017-09-12

▶