CVE-2017-0006
high
CVSS v3
7.8
CVSS v4
-
VIR risk
7.8
Description
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.
Predictions
Exploit likelihood
75%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Source: Microsoft Security Response Center · proprietary-no-redistribution
Full prose not cached: VIR stores only structured fields (affected/fixed versions, references) for this source.
Affected
| Vendor | Product | Version |
|---|---|---|
| microsoft | Microsoft Word for Mac 2011 | |
| microsoft | Microsoft Excel for Mac 2011 | |
| microsoft | Windows 7 for 32-bit Systems Service Pack 1 | |
| microsoft | Windows 7 for x64-based Systems Service Pack 1 | |
| microsoft | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | |
| microsoft | Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | |
| microsoft | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | |
| microsoft | Microsoft Lync 2010 (32-bit) | |
| microsoft | Microsoft Silverlight 5 when installed on Microsoft Windows (x64-based) | |
| microsoft | Microsoft Lync for Mac 2011 | |
| microsoft | Microsoft Office 2007 Service Pack 3 | |
| microsoft | Microsoft Excel 2007 Service Pack 3 | |
| microsoft | Microsoft Word 2007 Service Pack 3 | |
| microsoft | Microsoft Lync 2010 Attendee (admin level install) | |
| microsoft | Microsoft Excel Viewer 2007 Service Pack 3 | |
| microsoft | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | |
| microsoft | Microsoft Live Meeting 2007 Console | |
| microsoft | Microsoft Lync 2010 Attendee (user level install) | |
| microsoft | Microsoft Lync 2010 (64-bit) | |
| microsoft | Internet Explorer 9 on Windows Vista Service Pack 2 | |
| microsoft | Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | |
| microsoft | Internet Explorer 9 on Windows Vista x64 Edition Service Pack 2 | |
| microsoft | Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | |
| microsoft | Windows Server 2012 | |
| microsoft | Windows Server 2012 (Server Core installation) | |
| microsoft | Adobe Flash Player on Windows Server 2012 | |
| microsoft | Adobe Flash Player on Windows 8.1 for 32-bit systems | |
| microsoft | Adobe Flash Player on Windows 8.1 for x64-based systems | |
| microsoft | Adobe Flash Player on Windows Server 2012 R2 | |
| microsoft | Adobe Flash Player on Windows RT 8.1 | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel_viewer | | |
| microsoft | office_compatibility_pack | | |
| microsoft | sharepoint_server | 2007 | |
References
- http://www.securityfocus.com/bid/96740
- http://www.securitytracker.com/id/1038010
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0006
CWEs
CWE-119