CVE-2017-0027

MEDIUM

Microsoft Excel - Information Disclosure

Title source: rule

Description

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96043

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0027

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038010

Scores

CVSS v3 4.7

EPSS 0.2974

EPSS Percentile 96.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (7)

microsoft/excel

microsoft/office_compatibility_pack

microsoft/sharepoint_server

Microsoft Corporation/Office < Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Ex

Timeline

Published Mar 17, 2017

Tracked Since Feb 18, 2026