CVE-2017-0195

Опубликовано: 12 апр. 2017

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."

Ссылки

http://www.securityfocus.com/bid/97417
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195
Patch
Vendor Advisory
http://www.securityfocus.com/bid/97417
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:excel_web_app:2010:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01103

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2017-0195

msrc

больше 8 лет назад

Microsoft Office XSS Elevation of Privilege Vulnerability

GHSA-w7pr-r354-3wwp