CVE-2017-8632
HIGHMicrosoft Excel - Remote Code Execution via Memory Corruption
Title source: llmDescription
A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100734
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039315
Scores
CVSS v3
7.8
EPSS
0.1905
EPSS Percentile
95.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (8)
microsoft/excel
2010 sp2
microsoft/excel
2013 sp1 (2 CPE variants)
microsoft/excel
2016
microsoft/excel_for_mac
2011
microsoft/excel_for_mac
2016
microsoft/office_compatibility_pack
microsoft/office_web_apps
2013
Microsoft Corporation/Microsoft Office
Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Se
Published
Sep 13, 2017
Tracked Since
Feb 18, 2026