[Forgot Password]
Login  Register Subscribe

25354

 
 

132804

 
 

134729

 
 

909

 
 

109403

 
 

153

Paid content will be excluded from the download.


Download | Alert*
OVAL

Microsoft Office Remote Code Execution - CVE-2017-0260

ID: oval:org.secpod.oval:def:40971Date: (C)2017-06-15   (M)2019-11-30
Class: VULNERABILITYFamily: windows




A remote code execution vulnerability exists when Office improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.To exploit the vulnerability, an attacker would first have to convince user to opena specially crafted office document. The updates address the vulnerability by correcting how Office validates input before loading DLL files.

Platform:
Microsoft Windows Server 2019
Microsoft Windows 10
Microsoft Windows XP
Microsoft Windows Server 2012
Microsoft Windows Server 2003
Microsoft Windows 8.1
Microsoft Windows Server 2016
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows 8
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008
Product:
Microsoft Office 2013
Microsoft Office 2016
Reference:
CVE-2017-0260
CVE    1
CVE-2017-0260
CPE    19
cpe:/o:microsoft:windows_server_2008::sp2
cpe:/o:microsoft:windows_server_2008:r2:sp1:x64
cpe:/o:microsoft:windows_server_2008:::x64
cpe:/o:microsoft:windows_server_2008:::x86
...

© SecPod Technologies