CVE-2017-8663
published 2017-08-01CVE-2017-8663: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code…
PriorityP348high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
20.08%
97.1th percentile
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code execution vulnerability due to the way Microsoft Outlook parses specially crafted email messages, aka "Microsoft Office Outlook Memory Corruption Vulnerability"
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft_corporation | microsoft_office | — | — |
| msrc | microsoft_office_2010_click-to-run_for_32-bit_editions | — | — |
| msrc | microsoft_office_2010_click-to-run_for_64-bit_editions | — | — |
| msrc | microsoft_office_2013_click-to-run_for_32-bit_editions | — | — |
| msrc | microsoft_office_2013_click-to-run_for_64-bit_editions | — | — |
| msrc | microsoft_office_2016_click-to-run_for_32-bit_editions | — | — |
| msrc | microsoft_office_2016_click-to-run_for_64-bit_editions | — | — |
| msrc | microsoft_outlook_2007_service_pack_3 | — | — |
| msrc | microsoft_outlook_2010_service_pack_2 | — | — |
| msrc | microsoft_outlook_2013_rt_service_pack_1 | — | — |
| msrc | microsoft_outlook_2013_service_pack_1 | — | — |
| msrc | microsoft_outlook_2016 | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Microsoft Office Remote Code Execution Vulnerability
vendor_msrc·2017-07-11·CVSS 7.8
CVE-2017-8663 [HIGH] Microsoft Office Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Offiice parses specially crafted email messages. An attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Offiice. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user and then convincing the user to open the file.
The security update addresses the vulnerability by correcting the way that Microsoft Offiice par
GHSA
GHSA-8g93-59h5-qx5g: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote
ghsa_unreviewed·2022-05-13
CVE-2017-8663 [HIGH] CWE-119 GHSA-8g93-59h5-qx5g: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code execution vulnerability due to the way Microsoft Outlook parses specially crafted email messages, aka "Microsoft Office Outlook Memory Corruption Vulnerability"
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/100004http://www.securitytracker.com/id/1039011https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8663http://www.securityfocus.com/bid/100004http://www.securitytracker.com/id/1039011https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8663
2017-08-01
Published