CVE-2017-0199
Microsoft Office and WordPad Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
23Exploited in Wild
YesDecision
Descriptions
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1 y Windows 8.1 permiten a atacantes remotos ejecutar código arbitrario a través de un documento manipulado, vulnerabilidad también conocida como "Microsoft Office DLL Loading Vulnerability".
Microsoft Excel contains a remote code execution vulnerability upon processing OLE objects. Versions 2007, 2010, 2013, and 2016 are affected on both architectures.
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-09-09 CVE Reserved
- 2017-04-12 CVE Published
- 2017-04-13 First Exploit
- 2021-11-03 Exploited in Wild
- 2022-05-03 KEV Due Date
- 2024-08-05 CVE Updated
- 2024-10-25 EPSS Updated
CWE
CAPEC
References (37)
URL | Date | SRC |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199 | 2017-04-14 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2007 Search vendor "Microsoft" for product "Office" and version "2007" | sp3 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2010 Search vendor "Microsoft" for product "Office" and version "2010" | sp2 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2013 Search vendor "Microsoft" for product "Office" and version "2013" | sp1 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2016 Search vendor "Microsoft" for product "Office" and version "2016" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | - | sp1 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | - | sp2 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2" | sp1 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | - | sp2 |
Affected
| ||||||
Philips Search vendor "Philips" | Intellispace Portal Search vendor "Philips" for product "Intellispace Portal" | 7.0 Search vendor "Philips" for product "Intellispace Portal" and version "7.0" | - |
Affected
| ||||||
Philips Search vendor "Philips" | Intellispace Portal Search vendor "Philips" for product "Intellispace Portal" | 8.0 Search vendor "Philips" for product "Intellispace Portal" and version "8.0" | - |
Affected
|