CVE-2017-8742

Published: Sep 13, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8743.

Affected (11)

Products: Microsoft: Office Compatibility Pack, Office Web Apps, Office Web Apps Server, Powerpoint, Powerpoint Viewer, Sharepoint Enterprise Server, Sharepoint Server

Microsoft

7 products

Office Compatibility Pack

Office Web Apps

Office Web Apps Server

Powerpoint

Powerpoint Viewer

Sharepoint Enterprise Server

Sharepoint Server

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Microsoft Office Compatibility Pack	All versions
Microsoft Office Web Apps	Version 2010 sp2
Microsoft Office Web Apps Server	Version 2013 sp1
Microsoft Powerpoint	Version 2007 sp3
Microsoft Powerpoint	Version 2010 sp2
Microsoft Powerpoint	Version 2013 sp1
Microsoft Powerpoint	Version 2013 sp1
Microsoft Powerpoint	Version 2016
Microsoft Powerpoint Viewer	Version 2010
Microsoft Sharepoint Enterprise Server	Version 2016
Microsoft Sharepoint Server	Version 2016