CVE-2017-8742

HIGH

Microsoft PowerPoint 2007 SP3-2016 - Remote Code Execution via Memory Corruption

Title source: llm

Description

A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8743.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1039323

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/100741

Scores

CVSS v3 7.8

EPSS 0.3652

EPSS Percentile 97.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (11)

microsoft/office_compatibility_pack

microsoft/office_web_apps 2010 sp2

microsoft/office_web_apps_server 2013 sp1

microsoft/powerpoint 2007 sp3

microsoft/powerpoint 2010 sp2

microsoft/powerpoint 2013 sp1 (2 CPE variants)

microsoft/powerpoint 2016

microsoft/powerpoint_viewer 2010

microsoft/sharepoint_enterprise_server 2016

microsoft/sharepoint_server 2016

... and 1 more

Published Sep 13, 2017

Tracked Since Feb 18, 2026