cvelistv5 - cve-2017-8501

CVE-2017-8501 (GCVE-0-2017-8501)

Vulnerability from cvelistv5 – Published: 2017-07-11 21:00 – Updated: 2024-09-16 23:31

Summary

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502.

Severity ?

No CVSS data available.

CWE

Remote Code Execution

Assigner

microsoft

References

URL

Tags

	http://www.securitytracker.com/id/1038851	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/99441	vdb-entryx_refsource_BID
	https://portal.msrc.microsoft.com/en-us/security-…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Microsoft Corporation	Microsoft Office 2007 SP3, Microsoft Excel Viewer 2007 SP3, Microsoft Office 2010 SP2, Excel Services on Microsoft SharePoint Server 2010 SP1, Microsoft Office for Mac 2011, Microsoft Excel 2013 SP1, Microsoft Excel 2013 RT SP1, Microsoft SharePoint Enterprise Server 2013, Microsoft Excel 2016, Microsoft Office 2016 for Mac, Microsoft Office Online Server 2016, and Microsoft Office Compatibility Pack SP3.	Affected: Microsoft Office

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:34:23.060Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038851",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038851"
          },
          {
            "name": "99441",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99441"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Office 2007 SP3, Microsoft Excel Viewer 2007 SP3, Microsoft Office 2010 SP2, Excel Services on Microsoft SharePoint Server 2010 SP1, Microsoft Office for Mac 2011, Microsoft Excel 2013 SP1, Microsoft Excel 2013 RT SP1, Microsoft SharePoint Enterprise Server 2013, Microsoft Excel 2016, Microsoft Office 2016 for Mac, Microsoft Office Online Server 2016, and Microsoft Office Compatibility Pack SP3.",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Microsoft Office"
            }
          ]
        }
      ],
      "datePublic": "2017-07-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8502."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-12T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1038851",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038851"
        },
        {
          "name": "99441",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99441"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "DATE_PUBLIC": "2017-07-11T00:00:00",
          "ID": "CVE-2017-8501",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Office 2007 SP3, Microsoft Excel Viewer 2007 SP3, Microsoft Office 2010 SP2, Excel Services on Microsoft SharePoint Server 2010 SP1, Microsoft Office for Mac 2011, Microsoft Excel 2013 SP1, Microsoft Excel 2013 RT SP1, Microsoft SharePoint Enterprise Server 2013, Microsoft Excel 2016, Microsoft Office 2016 for Mac, Microsoft Office Online Server 2016, and Microsoft Office Compatibility Pack SP3.",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Microsoft Office"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8502."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038851",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038851"
            },
            {
              "name": "99441",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99441"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-8501",
    "datePublished": "2017-07-11T21:00:00Z",
    "dateReserved": "2017-05-03T00:00:00",
    "dateUpdated": "2024-09-16T23:31:06.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"94F5E2F8-0D37-4FCC-B55A-9F09C421272C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"E36D981E-E56D-46C7-9486-FC691A75C497\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F564117D-450D-45C4-9688-AF35F630A8A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*\", \"matchCriteriaId\": \"3A062169-527E-43DA-8AE0-FD4FBA1B2A9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09BF0981-749E-470B-A7AC-95AD087797EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4635DA5-27DA-43FF-92AC-A9F80218A2F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"0D84FC39-29AA-4EF2-ACE7-E72635126F2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2016:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"447CCA6E-9955-4771-82DD-925380F3C439\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"71AF058A-2E5D-4B11-88DB-8903C64B13C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6C0BD17-4324-4DFF-9804-1825C4C182A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"993E5C5C-4C78-4CDA-BF67-5A35814EF621\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \\\"Microsoft Office Memory Corruption Vulnerability\\\". This CVE ID is unique from CVE-2017-8502.\"}, {\"lang\": \"es\", \"value\": \"Microsoft Office permite una vulnerabilidad de ejecuci\\u00f3n remota de c\\u00f3digo debido a la forma en la que gestiona los objetos en la memoria. Esto tambi\\u00e9n se conoce como \\\"Microsoft Office Memory Corruption Vulnerability\\\". El ID de este CVE es diferente de CVE-2017-8502.\"}]",
      "id": "CVE-2017-8501",
      "lastModified": "2024-11-21T03:34:08.707",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-07-11T21:29:00.640",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/99441\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038851\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99441\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038851\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-8501\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2017-07-11T21:29:00.640\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \\\"Microsoft Office Memory Corruption Vulnerability\\\". This CVE ID is unique from CVE-2017-8502.\"},{\"lang\":\"es\",\"value\":\"Microsoft Office permite una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que gestiona los objetos en la memoria. Esto tambi\u00e9n se conoce como \\\"Microsoft Office Memory Corruption Vulnerability\\\". El ID de este CVE es diferente de CVE-2017-8502.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"94F5E2F8-0D37-4FCC-B55A-9F09C421272C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E36D981E-E56D-46C7-9486-FC691A75C497\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F564117D-450D-45C4-9688-AF35F630A8A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*\",\"matchCriteriaId\":\"3A062169-527E-43DA-8AE0-FD4FBA1B2A9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09BF0981-749E-470B-A7AC-95AD087797EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4635DA5-27DA-43FF-92AC-A9F80218A2F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"0D84FC39-29AA-4EF2-ACE7-E72635126F2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2016:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"447CCA6E-9955-4771-82DD-925380F3C439\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"71AF058A-2E5D-4B11-88DB-8903C64B13C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6C0BD17-4324-4DFF-9804-1825C4C182A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"993E5C5C-4C78-4CDA-BF67-5A35814EF621\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/99441\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038851\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99441\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038851\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2017-15998

Vulnerability from cnvd - Published: 2017-07-24

Title

Microsoft Office内存破坏漏洞（CNVD-2017-15998）

Description

Microsoft Office是美国微软（Microsoft）公司开发的一款办公软件套件产品。常用组件有Word、Excel、Access、Powerpoint、FrontPage等。 Microsoft Office中存在内存破坏漏洞，该漏洞源于程序未能正确的处理内存中的对象。远程攻击者可借助特制的文件利用该漏洞在当前用户的上下文中执行任意代码或造成拒绝服务。

Severity

高

Patch Name

Microsoft Office内存破坏漏洞（CNVD-2017-15998）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-8501

Impacted products

Name
['Microsoft Office 2011 for Mac', 'Microsoft Excel 2007 SP3', 'Microsoft Excel 2010 SP2', 'Microsoft Excel 2013 SP1', 'Microsoft Excel 2013 RT SP1', 'Microsoft Office Excel Viewer 2007 SP3', 'Microsoft Excel Services on SharePoint Server 2010 SP2', 'Microsoft Excel 2016', 'Microsoft Office 2016 for Mac', 'Microsoft Office Online Server 2016', 'Microsoft SharePoint Enterprise Server 2013']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99441"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-8501"
    }
  },
  "description": "Microsoft Office\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3e\u529e\u516c\u8f6f\u4ef6\u5957\u4ef6\u4ea7\u54c1\u3002\u5e38\u7528\u7ec4\u4ef6\u6709Word\u3001Excel\u3001Access\u3001Powerpoint\u3001FrontPage\u7b49\u3002\r\n\r\nMicrosoft Office\u4e2d\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u5185\u5b58\u4e2d\u7684\u5bf9\u8c61\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Yangkang (@dnpushme) \u0026 Liyadong \u0026 Wanglu of Qihoo360 Qex Team",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-15998",
  "openTime": "2017-07-24",
  "patchDescription": "Microsoft Office\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3e\u529e\u516c\u8f6f\u4ef6\u5957\u4ef6\u4ea7\u54c1\u3002\u5e38\u7528\u7ec4\u4ef6\u6709Word\u3001Excel\u3001Access\u3001Powerpoint\u3001FrontPage\u7b49\u3002\r\n\r\nMicrosoft Office\u4e2d\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u5185\u5b58\u4e2d\u7684\u5bf9\u8c61\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Office\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-15998\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Office 2011 for Mac",
      "Microsoft Excel 2007 SP3",
      "Microsoft Excel 2010 SP2",
      "Microsoft Excel 2013 SP1",
      "Microsoft Excel 2013 RT  SP1",
      "Microsoft Office Excel Viewer 2007 SP3",
      "Microsoft Excel Services on SharePoint Server 2010 SP2",
      "Microsoft Excel 2016",
      "Microsoft Office 2016 for Mac",
      "Microsoft Office Online Server 2016",
      "Microsoft SharePoint Enterprise Server 2013"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-8501",
  "serverity": "\u9ad8",
  "submitTime": "2017-07-13",
  "title": "Microsoft Office\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-15998\uff09"
}

GHSA-V8JM-4C35-4GHR

Vulnerability from github – Published: 2022-05-17 02:29 – Updated: 2022-05-17 02:29

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-8501"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-11T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8502.",
  "id": "GHSA-v8jm-4c35-4ghr",
  "modified": "2022-05-17T02:29:36Z",
  "published": "2022-05-17T02:29:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8501"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99441"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038851"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2017-8501

Vulnerability from fkie_nvd - Published: 2017-07-11 21:29 - Updated: 2025-04-20 01:37

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/99441	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id/1038851	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99441	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038851	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	excel	2007
microsoft	excel	2010
microsoft	excel	2013
microsoft	excel	2013
microsoft	excel	2016
microsoft	excel_viewer	2007
microsoft	office	2011
microsoft	office	2016
microsoft	office_compatibility_pack	-
microsoft	office_online_server	2016
microsoft	sharepoint_server	2010
microsoft	sharepoint_server	2013

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "94F5E2F8-0D37-4FCC-B55A-9F09C421272C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
              "matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2016:*:mac:*:*:*:*:*",
              "matchCriteriaId": "447CCA6E-9955-4771-82DD-925380F3C439",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6C0BD17-4324-4DFF-9804-1825C4C182A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:*",
              "matchCriteriaId": "993E5C5C-4C78-4CDA-BF67-5A35814EF621",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8502."
    },
    {
      "lang": "es",
      "value": "Microsoft Office permite una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo debido a la forma en la que gestiona los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Office Memory Corruption Vulnerability\". El ID de este CVE es diferente de CVE-2017-8502."
    }
  ],
  "id": "CVE-2017-8501",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-11T21:29:00.640",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99441"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038851"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99441"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038851"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2017-AVI-208

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Excel 2007, 2010, 2013 et 2016
Microsoft	Office	Office 2013 RT
Microsoft	Office	SharePoint Server 2010
Microsoft	Office	Office 2016 pour Mac
Microsoft	Office	Office 2007, 2010, 2013 et 2016
Microsoft	Office	SharePoint Enterprise Server 2016
Microsoft	Office	Office pour Mac
Microsoft	Office	Office Online Server 2016

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 11 juillet 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Excel 2007, 2010, 2013 et 2016",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 2013 RT",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SharePoint Server 2010",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 2016 pour Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 2007, 2010, 2013 et 2016",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SharePoint Enterprise Server 2016",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office pour Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office Online Server 2016",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-8570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8570"
    },
    {
      "name": "CVE-2017-0243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0243"
    },
    {
      "name": "CVE-2017-8501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8501"
    },
    {
      "name": "CVE-2017-8502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8502"
    },
    {
      "name": "CVE-2017-8569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8569"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-208",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-07-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 11 juillet 2017",
      "url": "https://portal.msrc.microsoft.com/fr-fr/security-guidance/releasenotedetail/f2b16606-4945-e711-80dc-000d3a32fc99"
    }
  ]
}

CERTFR-2017-AVI-208

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Excel 2007, 2010, 2013 et 2016
Microsoft	Office	Office 2013 RT
Microsoft	Office	SharePoint Server 2010
Microsoft	Office	Office 2016 pour Mac
Microsoft	Office	Office 2007, 2010, 2013 et 2016
Microsoft	Office	SharePoint Enterprise Server 2016
Microsoft	Office	Office pour Mac
Microsoft	Office	Office Online Server 2016

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 11 juillet 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Excel 2007, 2010, 2013 et 2016",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 2013 RT",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SharePoint Server 2010",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 2016 pour Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 2007, 2010, 2013 et 2016",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SharePoint Enterprise Server 2016",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office pour Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office Online Server 2016",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-8570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8570"
    },
    {
      "name": "CVE-2017-0243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0243"
    },
    {
      "name": "CVE-2017-8501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8501"
    },
    {
      "name": "CVE-2017-8502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8502"
    },
    {
      "name": "CVE-2017-8569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8569"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-208",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-07-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 11 juillet 2017",
      "url": "https://portal.msrc.microsoft.com/fr-fr/security-guidance/releasenotedetail/f2b16606-4945-e711-80dc-000d3a32fc99"
    }
  ]
}

GSD-2017-8501

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-8501

Aliases

CVE-2017-8501

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-8501",
    "description": "Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8502.",
    "id": "GSD-2017-8501"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-8501"
      ],
      "details": "Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8502.",
      "id": "GSD-2017-8501",
      "modified": "2023-12-13T01:21:08.461585Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "DATE_PUBLIC": "2017-07-11T00:00:00",
        "ID": "CVE-2017-8501",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Office 2007 SP3, Microsoft Excel Viewer 2007 SP3, Microsoft Office 2010 SP2, Excel Services on Microsoft SharePoint Server 2010 SP1, Microsoft Office for Mac 2011, Microsoft Excel 2013 SP1, Microsoft Excel 2013 RT SP1, Microsoft SharePoint Enterprise Server 2013, Microsoft Excel 2016, Microsoft Office 2016 for Mac, Microsoft Office Online Server 2016, and Microsoft Office Compatibility Pack SP3.",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Microsoft Office"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8502."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1038851",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038851"
          },
          {
            "name": "99441",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99441"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2016:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-8501"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8502."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8501"
            },
            {
              "name": "1038851",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1038851"
            },
            {
              "name": "99441",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99441"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-07-14T10:32Z",
      "publishedDate": "2017-07-11T21:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-8501 (GCVE-0-2017-8501)

CNVD-2017-15998

GHSA-V8JM-4C35-4GHR

FKIE_CVE-2017-8501

CERTFR-2017-AVI-208

Solution

CERTFR-2017-AVI-208

Solution

GSD-2017-8501

Tags

Sightings

Nomenclature