CVE-2017-0194

Опубликовано: 12 апр. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Средний

Описание

Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

Ссылки

http://www.securityfocus.com/bid/97436
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038244
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0194
Patch
Vendor Advisory
http://www.securityfocus.com/bid/97436
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038244
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0194
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.44218

Средний

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2017-0194

msrc

около 8 лет назад

Microsoft Excel Information Disclosure Vulnerability

GHSA-h6qg-53mg-343v