Lucene search

MicrosoftCVE-2017-8512

HistoryJun 15, 2017 - 1:29 a.m.

CVE-2017-8512

2017-06-1501:29:03

microsoft

web.nvd.nist.gov

cve-2017-8512

microsoft office

remote code execution

vulnerability

nvd

memory handling

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.232

Percentile

96.7%

JSON

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506.

Affected configurations

Nvd

Vulners

Node

microsoftofficeMatch2007sp3

microsoftofficeMatch2010sp2

microsoftofficeMatch2013sp1

microsoftofficeMatch2013sp1rt

microsoftofficeMatch2016

microsoftoffice_online_serverMatch2016

microsoftoffice_web_appsMatch2010sp2

microsoftoffice_web_apps_serverMatch2013sp1

microsoftsharepoint_enterprise_serverMatch2013sp1

microsoftsharepoint_enterprise_serverMatch2016

Node

microsoftword_automation_servicesMatch-

AND

microsoftsharepoint_serverMatch2010sp2

VendorProductVersionCPE
microsoftoffice2007cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
microsoftoffice2013cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
microsoftoffice2013cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*
microsoftoffice2016cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*
microsoftoffice_online_server2016cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*
microsoftoffice_web_apps2010cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
microsoftoffice_web_apps_server2013cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*
microsoftsharepoint_enterprise_server2013cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*
microsoftsharepoint_enterprise_server2016cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office	2007	cpe:2.3:a:microsoft:office:2007:sp3::::::
microsoft	office	2010	cpe:2.3:a:microsoft:office:2010:sp2::::::
microsoft	office	2013	cpe:2.3:a:microsoft:office:2013:sp1::::::
microsoft	office	2013	cpe:2.3:a:microsoft:office:2013:sp1:::rt:::*
microsoft	office	2016	cpe:2.3:a:microsoft:office:2016:::::::*
microsoft	office_online_server	2016	cpe:2.3:a:microsoft:office_online_server:2016:::::::*
microsoft	office_web_apps	2010	cpe:2.3:a:microsoft:office_web_apps:2010:sp2::::::
microsoft	office_web_apps_server	2013	cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1::::::
microsoft	sharepoint_enterprise_server	2013	cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1::::::
microsoft	sharepoint_enterprise_server	2016	cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:::::::*

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "Microsoft Office",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 RT Service Pack 1, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Online Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Word Automation Services."
      }
    ]
  }
]