CVE-2017-0243
HIGHMicrosoft Office and Business Productivity Servers - Remote Code Execution via Memory Object Handling
Title source: llmDescription
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8570.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038851
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0243
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99446
Scores
CVSS v3
7.8
EPSS
0.3404
EPSS Percentile
97.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (5)
microsoft/business_productivity_servers
2010 sp2
microsoft/office
2007 sp3
microsoft/office
2010 sp2
microsoft/web_applications
2010 sp2
Microsoft Corporation/Microsoft Office 2007 SP2 and SP3, Microsoft Office 2010 SP2, Microsoft Office Web Apps 2010 SP2, and Microsoft Business Productivity Servers 2010 SP2.
Microsoft Office
Published
Jul 11, 2017
Tracked Since
Feb 18, 2026