CVE-2017-8743

CWE-119 — Buffer Overflow4 documents4 sources

Severity

7.8HIGH

EPSS

32.4%

top 3.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Office Microsoft Powerpoint Microsoft Sharepoint Server

Timeline

PublishedSep 13

Latest updateMay 17

Description

A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8742.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDmicrosoft/sharepoint_server2016

▶NVDmicrosoft/powerpoint2016

▶CVEListV5microsoft_corporation/microsoft_officeMicrosoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-m674-4xwc-r94v: A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when↗2022-05-17

▶

CVEList

CVE-2017-8743: A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when↗2017-09-13

▶

📋Vendor Advisories

Microsoft

Microsoft PowerPoint Remote Code Execution Vulnerability↗2017-09-12

▶