CVE-2017-8744 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Microsoft Office
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer19 documents6 sources
Severity
7.8HIGHNVD
EPSS
22.8%
top 4.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 13
Latest updateMay 17
Description
A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016 when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8731.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages6 packages
Patches
🔴Vulnerability Details
8GHSA▶
GHSA-4r2h-p7qv-cxcx: Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Microsoft Office Memory Co↗2022-05-17
GHSA▶
GHSA-27j6-vgrr-h838: A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Serv↗2022-05-17
GHSA▶
GHSA-7fpc-7483-wqph: A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Ex↗2022-05-14
GHSA▶
GHSA-69qj-9564-354m: A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Ex↗2022-05-13
CVEList▶
CVE-2017-8632: A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Serv↗2017-09-13