CVE-2017-0105

Опубликовано: 17 мар. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Средний

Описание

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

Ссылки

http://www.securityfocus.com/bid/96746
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038010
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105
Patch
Vendor Advisory
http://www.securityfocus.com/bid/96746
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038010
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.36469

Средний

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2017-0105

msrc

больше 8 лет назад

Microsoft Office Information Disclosure Vulnerability

GHSA-9gmf-q99j-vm3h