CVE-2017-0105 : Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Offi

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

Published 2017-03-17 00:59:03

Updated 2017-07-12 01:29:07

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2017-0105

Microsoft » Office » Version: 2010 Update SP2
cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2007 Update SP3
cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Sharepoint Server » Version: 2010 Update SP2
cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Office Compatibility Pack » Version: N/A Update SP3
cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office Web Apps » Version: 2010 Update SP2
cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Word Automation Services » Version: N/A
cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Word For Mac » Version: 2011
cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-0105

EPSS FAQ

36.47%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 97 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-0105

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2017-0105

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-0105

http://www.securityfocus.com/bid/96746

Microsoft Office CVE-2017-0105 Information Disclosure Vulnerability
Third Party Advisory;VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105

CVE-2017-0105 | Microsoft Office Information Disclosure Vulnerability
Patch;Vendor Advisory
http://www.securitytracker.com/id/1038010

Microsoft Office Multiple Flaws Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Execute Arbitrary Code - SecurityTracker

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-0105

Products affected by CVE-2017-0105

Exploit prediction scoring system (EPSS) score for CVE-2017-0105

CVSS scores for CVE-2017-0105

CWE ids for CVE-2017-0105

References for CVE-2017-0105