CVE Vulnerabilities

CVE-2017-0281

Published: May 12, 2017 | Modified: Oct 03, 2019
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.

Affected Software

Name Vendor Start Version End Version
Office Microsoft 2007 2007
Office Microsoft 2010 2010
Office Microsoft 2013 2013
Office Microsoft 2016 2016
Office_online_server Microsoft 2016 2016
Office_web_apps Microsoft 2010 2010
Office_web_apps Microsoft 2013 2013
Project_server Microsoft 2013 2013
Sharepoint_foundation Microsoft 2013 2013
Sharepoint_server Microsoft 2010 2010
Sharepoint_server Microsoft 2013 2013
Sharepoint_server Microsoft 2016 2016
Skype_for_business Microsoft 2016 2016
Word Microsoft 2016 2016

References