CVE-2017-8570 : Microsoft Office allows a remote code execution vulnerability due to the way tha

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.

Published 2017-07-11 21:29:01

Updated 2025-02-10 15:15:10

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2017-8570

Microsoft » Office » Version: 2007 Update SP3
cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2013 Update SP1
cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2010 Update SP2
cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2013 Update SP1 RT Edition
cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*
Matching versions
Microsoft » Office » Version: 2016
cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*
Matching versions

CVE-2017-8570 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

Microsoft Office Remote Code Execution Vulnerability

CISA required action:

Apply updates per vendor instructions.

CISA description:

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory.

Notes:

https://nvd.nist.gov/vuln/detail/CVE-2017-8570

Added on 2022-02-25 Action due date 2022-08-25

Exploit prediction scoring system (EPSS) score for CVE-2017-8570

EPSS FAQ

94.25%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 100 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-8570

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-02-10
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2017-8570

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8570

CVE-2017-8570 | Microsoft Office Remote Code Execution Vulnerability
Patch;Vendor Advisory
https://github.com/rxwx/CVE-2017-8570

GitHub - rxwx/CVE-2017-8570: Proof of Concept exploit for CVE-2017-8570
Third Party Advisory
https://github.com/tezukanice/Office8570

GitHub - tezukanice/Office8570: CVE20178570
Exploit;Third Party Advisory
http://www.securityfocus.com/bid/99445

Microsoft Office CVE-2017-8570 Remote Code Execution Vulnerability
Third Party Advisory;VDB Entry
https://github.com/ParsingTeam/ppsx-file-generator

GitHub - ParsingTeam/ppsx-file-generator: CVE-2017-8570 Exploit
Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2017-8570

Products affected by CVE-2017-8570

CVE-2017-8570 is in the CISA Known Exploited Vulnerabilities Catalog

Exploit prediction scoring system (EPSS) score for CVE-2017-8570

CVSS scores for CVE-2017-8570

References for CVE-2017-8570