Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB3178690
HistoryMar 14, 2017 - 7:00 a.m.

MS17-014: Description of the security update for Excel 2010: March 14, 2017

2017-03-1407:00:00
Microsoft
support.microsoft.com
31

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.129

Percentile

95.5%

JSON

MS17-014: Description of the security update for Excel 2010: March 14, 2017

Summary

This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS17-014.

Note To apply this security update, you must have the release version of Service Pack 2 for Office 2010 installed on the computer.

For a complete list of affected versions of Microsoft Office software, see Microsoft Knowledge Base article KB4013241.

Improvements and fixes

This security update contains improvements and fixes for the following nonsecurity issues:

  • When you save a workbook that has future metadata in cells with Boolean or error values in Excel 2010, Excel crashes. Or, the future metadata in cells with Boolean or error values are corrupted.

  • When you copy and paste a range of data that includes external links cross workbooks in Excel 2010, Excel crashes.

  • When you use the Allow Users to Edit Ranges function to add a user to a range data in Excel 2010, Excel crashes.

Known issues in this security update

  • After you install this security update, Excel 2010 may crash or hang (stop responding or freeze) when calculations are performed in a workbook. The calculations may be triggered either by code or by user interaction.

To resolve this issue, install the March 28, 2017 update for Excel 2010 (KB3191855). For more information, click the following article number to view the article in the Microsoft Knowledge Base:3191855 March 28, 2017, update for Excel 2010 (KB3191855)

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Security update deployment information

For deployment information about this update, see Microsoft Knowledge Base article KB4013241.

Security update replacement information

This security update replaces previously released security update KB3128037.

File hash information

Package Name Package Hash SHA 1 Package Hash SHA 2
excel2010-kb3178690-fullfile-x86-glb.exe A672A9D6065BB4E4747C6CC6997F54C135CA0127 635098AE2E40CE45581268CB0217EC6C728C4C56FA027C9F3939AC18717DDE44
excel2010-kb3178690-fullfile-x64-glb.exe DA89B374474DEE452900DD36EC56F24CF0964C54 1603A7831E3484B395FBE9FE18558E91ED5FE82E6931579F2FF9318A6FBB94C2

File information

The English version of this security update has the file attributes (or later file attributes) that are listed in the following table. For all supported x86-based versions of Excel 2010| File identifier| File name| File version| File size| Date| Time
—|—|—|—|—|—
excel.exe| excel.exe| 14.0.7179.5000| 20,412,096| 17-Feb-2017| 01:39
excel.man| excel.exe.manifest| | 1,194| 06-Nov-2009| 12:00
xl12cnv.exe| excelcnv.exe| 14.0.7179.5000| 17,849,536| 16-Feb-2017| 11:26
xlcall32.dll| xlcall32.dll| 14.0.7162.5000| 10,432| 13-Oct-2015| 07:52
xlicons.exe| xlicons.exe| 14.0.7120.5000| 1,480,360| 05-Mar-2014| 07:06

For all supported x64-based versions of Excel 2010File identifier File name File version File size Date Time
excel.exe excel.exe 14.0.7179.5000 27,668,160 17-Feb-2017 01:42
excel.man excel.exe.manifest 1,196 06-Nov-2009 12:23
xl12cnv.exe excelcnv.exe 14.0.7179.5000 25,062,080 16-Feb-2017 11:25
xlcall32.dll xlcall32.dll 14.0.7162.5000 10,944 13-Oct-2015 08:00
xlicons.exe xlicons.exe 14.0.7120.5000 1,480,360 05-Mar-2014 07:06

How to get help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

Related

mskb 9
openvas 5
checkpoint_advisories 2
nvd 8
mscve 2
cvelist 8
prion 8
symantec 2
cve 8
nessus 2
kaspersky 1
avleonov 1
mskb
mskb
MS17-014: Description of the security update for Excel 2013: March 14, 2017
2017-03-14 07:00:00
MS17-014: Description of the security update for Excel 2016: March 14, 2017
2017-03-14 07:00:00
MS17-014: Description of the security update for Excel Services on SharePoint Server 2013: March 14, 2017
2017-03-14 07:00:00
openvas
openvas
Microsoft Office Excel Multiple Vulnerabilities (4013241)
2017-03-15 00:00:00
Microsoft Office Information Disclosure Vulnerability (4013241) - Mac OS X
2017-04-13 00:00:00
Microsoft Office Multiple Remote Code Execution Vulnerabilities (4013241) - Mac OS X
2017-03-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Office Information Disclosure (MS17-014: CVE-2017-0027)
2017-03-14 00:00:00
Microsoft Office Memory Corruption (MS17-014: CVE-2017-0020)
2017-03-14 00:00:00
nvd
nvd
CVE-2017-0027
2017-03-17 00:59:00
CVE-2017-0031
2017-03-17 00:59:00
CVE-2017-0052
2017-03-17 00:59:01
mscve
mscve
Microsoft Excel Information Disclosure Vulnerability
2017-03-14 07:00:00
Microsoft Office Memory Corruption Vulnerability
2017-03-14 07:00:00
cvelist
cvelist
CVE-2017-0027
2017-03-17 00:00:00
CVE-2017-0006
2017-03-17 00:00:00
CVE-2017-0031
2017-03-17 00:00:00
prion
prion
Information disclosure
2017-03-17 00:59:00
Memory corruption
2017-03-17 00:59:00
Memory corruption
2017-03-17 00:59:00
symantec
symantec
Microsoft Office CVE-2017-0027 Information Disclosure Vulnerability
2017-03-14 00:00:00
Microsoft Office CVE-2017-0020 Memory Corruption Vulnerability
2017-03-14 00:00:00
cve
cve
CVE-2017-0027
2017-03-17 00:59:00
CVE-2017-0019
2017-03-17 00:59:00
CVE-2017-0030
2017-03-17 00:59:00
nessus
nessus
MS17-014: Security Update for Microsoft Office (4013241) (macOS)
2017-03-15 00:00:00
MS17-014: Security Update for Microsoft Office (4013241)
2017-03-15 00:00:00
kaspersky
kaspersky
KLA10981 Multiple vulnerabilities in Microsoft Office
2017-03-14 00:00:00
avleonov
avleonov
Downloading and analyzing NVD CVE feed
2017-10-02 23:27:35

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.129

Percentile

95.5%

JSON
Related for KB3178690
mskb9openvas5checkpoint_advisories2nvd8mscve2cvelist8prion8symantec2cve8nessus2kaspersky1avleonov1