cbcvebase.
CVE-2017-8744
published 2017-09-13

CVE-2017-8744: A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013…

PriorityP346high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
17.22%
96.7th percentile
A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016 when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8731.

Affected

19 ranges
VendorProductVersion rangeFixed in
microsoftexcel
microsoftexcel
microsoftexcel
microsoftexcel
microsoftexcel_for_mac
microsoftexcel_for_mac
microsoftexcel_viewer
microsoftexcel_web_app
microsoftoffice
microsoftoffice
microsoftoffice
microsoftoffice
microsoftoffice_web_apps
microsoft_corporationmicrosoft_office
msrcmicrosoft_office_2007_service_pack_3
msrcmicrosoft_office_2010_service_pack_2
msrcmicrosoft_office_2013_rt_service_pack_1
msrcmicrosoft_office_2013_service_pack_1
msrcmicrosoft_office_2016

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.