CVE-2017-0053 : Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1,

Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052.

Published 2017-03-17 00:59:01

Updated 2017-07-12 01:29:06

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2017-0053

Probability of exploitation activity in the next 30 days: 10.78%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-0053

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-0053

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-0053

http://www.securityfocus.com/bid/96745

Microsoft Office CVE-2017-0053 Memory Corruption Vulnerability
Third Party Advisory;VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053

CVE-2017-0053 | Microsoft Office Memory Corruption Vulnerability
Patch;Vendor Advisory
http://www.securitytracker.com/id/1038010

Microsoft Office Multiple Flaws Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Execute Arbitrary Code - SecurityTracker

CVEs referencing this url

Products affected by CVE-2017-0053

Microsoft » Office » Version: 2010 Update SP2
cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2007 Update SP3
cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2010 Update SP2
cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2013 Update SP1
cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2013 Update SP1 RT Edition
cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*
Matching versions
Microsoft » Word » Version: 2016
cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*
Matching versions
Microsoft » Word Viewer
cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Office Compatibility Pack » Update SP3
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2017-0053

Exploit prediction scoring system (EPSS) score for CVE-2017-0053

CVSS scores for CVE-2017-0053

CWE ids for CVE-2017-0053

References for CVE-2017-0053

Products affected by CVE-2017-0053