← Back

CVE-2017-0281

nvd nist
Published: May 12, 2017Modified: May 13, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.

Affected (14)

Microsoft
8 products
Office
Office Online Server
Office Web Apps
Project Server
Sharepoint Foundation
Sharepoint Server
Skype For Business
Word
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Office
Version 2007 sp3
Office
Version 2010 sp2
Office
Version 2013 sp1
Office
Version 2016
Office Online Server
Version 2016
Microsoft
Office Web Apps
Version 2010 sp2
Office Web Apps
Version 2013 sp1
Project Server
Version 2013 sp1
Sharepoint Foundation
Version 2013 sp1
Microsoft
Sharepoint Server
Version 2010 sp2
Sharepoint Server
Version 2013 sp1
Sharepoint Server
Version 2016
Skype For Business
Version 2016
Word
Version 2016

References (4)

Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.