[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Microsoft Office Remote Code Execution Vulnerability - CVE-2017-0262

ID: oval:org.secpod.oval:def:40468Date: (C)2017-05-10   (M)2023-04-20
Class: VULNERABILITYFamily: windows




A remote code execution vulnerability exists in Microsoft Office that could be exploited when a user opens a file containing a malformed graphics image or when a user inserts a malformed graphics image into an Office file. Such a file could also be included in an email attachment. An attacker could exploit the vulnerability by constructing a specially crafted EPS file that could allow remote code execution. An attacker who successfully exploited this vulnerability could take control of the affected system.This vulnerability could not be exploited automatically through a Web-based attack scenario. An attacker could host a specially crafted website containing an Office file that is designed to exploit the vulnerability, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an instant messenger or email message that takes users to the attacker's website, or by getting them to open an attachment sent through email.Workstations and terminal servers that have Microsoft Office installed are primarily at risk. Servers could be at more risk if administrators allow users to log on to servers and to run programs. However, best practices strongly discourage allowing this.When this fix is published, Microsoft had received reports of limited targeted attacks using this vulnerability.

Platform:
Microsoft Windows Server 2022
Microsoft Windows 11
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows 10
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2016
Microsoft Windows XP
Microsoft Windows Server 2019
Product:
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2016
Reference:
CVE-2017-0262
CVE    1
CVE-2017-0262
CPE    5
cpe:/a:microsoft:office:2013:sp1
cpe:/a:microsoft:office:2016
cpe:/a:microsoft:office:2013
cpe:/a:microsoft:office:2010
...

© SecPod Technologies