CVE-2017-8512 : A remote code execution vulnerability exists in Microsoft Office when the softwa

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506.

Published 2017-06-15 01:29:04

Updated 2019-10-03 00:03:26

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2017-8512

Microsoft » Office » Version: 2007 Update SP3
cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2013 Update SP1
cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2010 Update SP2
cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2013 Update SP1 RT Edition
cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*
Matching versions
Microsoft » Office » Version: 2016
cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*
Matching versions
Microsoft » Office Web Apps » Version: 2010 Update SP2
cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Word Automation Services » Version: N/A
cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Sharepoint Server » Version: 2010 Update SP2
Microsoft » Office Web Apps Server » Version: 2013 Update SP1
cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office Online Server » Version: 2016
cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*
Matching versions
Microsoft » Sharepoint Enterprise Server » Version: 2016
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
Matching versions
Microsoft » Sharepoint Enterprise Server » Version: 2013 Update SP1
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-8512

EPSS FAQ

7.72%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-8512

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2017-8512

http://www.securityfocus.com/bid/98816

Microsoft Office CVE-2017-8512 Remote Code Execution Vulnerability
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1038668

Microsoft Office File Processing Memory Handling and DLL Loading Flaws Let Remote Users Execute Arbitrary Code - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512

CVE-2017-8512 | Microsoft Office Remote Code Execution Vulnerability
Mitigation;Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2017-8512

Products affected by CVE-2017-8512

Exploit prediction scoring system (EPSS) score for CVE-2017-8512

CVSS scores for CVE-2017-8512

References for CVE-2017-8512