CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
97.4%
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions and spoof user interface.
Below is a complete list of vulnerabilities:
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Microsoft-Office-Compatibility-Pack-for-Word,-Excel,-and-PowerPoint-2007-File-Formats
CVE-2017-0284 warning
CVE-2017-8528 critical
CVE-2017-0292 critical
CVE-2017-0285 warning
CVE-2017-8534 warning
CVE-2017-0283 critical
CVE-2017-8550 warning
CVE-2017-0282 warning
CVE-2017-0260 critical
CVE-2017-8509 critical
CVE-2017-0286 warning
CVE-2017-0287 warning
CVE-2017-0288 warning
CVE-2017-0289 warning
CVE-2017-8527 critical
CVE-2017-8531 warning
CVE-2017-8532 warning
CVE-2017-8533 warning
CVE-2017-8506 critical
CVE-2017-8507 critical
CVE-2017-8508 warning
CVE-2017-8510 critical
CVE-2017-8511 critical
CVE-2017-8512 critical
CVE-2017-8513 critical
CVE-2017-8545 warning
CVE-2017-8551 warning
CVE-2017-8514 warning
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
support.microsoft.com/kb/3118304
support.microsoft.com/kb/3118389
support.microsoft.com/kb/3127888
support.microsoft.com/kb/3127894
support.microsoft.com/kb/3162051
support.microsoft.com/kb/3172445
support.microsoft.com/kb/3178667
support.microsoft.com/kb/3191828
support.microsoft.com/kb/3191837
support.microsoft.com/kb/3191844
support.microsoft.com/kb/3191848
support.microsoft.com/kb/3191882
support.microsoft.com/kb/3191898
support.microsoft.com/kb/3191908
support.microsoft.com/kb/3191932
support.microsoft.com/kb/3191938
support.microsoft.com/kb/3191939
support.microsoft.com/kb/3191943
support.microsoft.com/kb/3191944
support.microsoft.com/kb/3191945
support.microsoft.com/kb/3203382
support.microsoft.com/kb/3203383
support.microsoft.com/kb/3203384
support.microsoft.com/kb/3203386
support.microsoft.com/kb/3203387
support.microsoft.com/kb/3203390
support.microsoft.com/kb/3203391
support.microsoft.com/kb/3203392
support.microsoft.com/kb/3203393
support.microsoft.com/kb/3203399
support.microsoft.com/kb/3203427
support.microsoft.com/kb/3203430
support.microsoft.com/kb/3203432
support.microsoft.com/kb/3203436
support.microsoft.com/kb/3203438
support.microsoft.com/kb/3203441
support.microsoft.com/kb/3203458
support.microsoft.com/kb/3203460
support.microsoft.com/kb/3203461
support.microsoft.com/kb/3203463
support.microsoft.com/kb/3203464
support.microsoft.com/kb/3203466
support.microsoft.com/kb/3203467
support.microsoft.com/kb/3203484
support.microsoft.com/kb/3203485
support.microsoft.com/kb/3212223
support.microsoft.com/kb/3213537
support.microsoft.com/kb/4020732
support.microsoft.com/kb/4020733
support.microsoft.com/kb/4020734
support.microsoft.com/kb/4020735
support.microsoft.com/kb/4020736
portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170008
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0260
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0282
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0284
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0285
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0286
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0287
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0288
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0289
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0292
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8506
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8506
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8507
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8507
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8508
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8508
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8509
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8510
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8510
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8511
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8513
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8513
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8514
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8528
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8531
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8532
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8533
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8534
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8545
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8545
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8550
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8551
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Office-Compatibility-Pack-for-Word,-Excel,-and-PowerPoint-2007-File-Formats/
threats.kaspersky.com/en/product/Microsoft-Office-PowerPoint/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-Outlook/
threats.kaspersky.com/en/product/Microsoft-Sharepoint-Server/
threats.kaspersky.com/en/product/Microsoft-Word/
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
97.4%