CVE-2017-0194

Published: Apr 12, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

Affected (3)

Products: Microsoft: Excel, Office Compatibility Pack

2 products

Office Compatibility Pack

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Excel	Version 2007 sp3
Microsoft Excel	Version 2010 sp2
Microsoft Office Compatibility Pack	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.securityfocus.com/bid/97436

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038244

Source: secure@microsoft.com

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0194

Source: secure@microsoft.com

PatchVendor Advisory

http://www.securityfocus.com/bid/97436

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038244

Source: af854a3a-2127-422b-91ae-364da2661108

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0194

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.