CVE-2017-0197

Опубликовано: 12 апр. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 9.3

EPSS Средний

Описание

Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."

Ссылки

http://www.securityfocus.com/bid/97411
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038241
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197
Patch
Vendor Advisory
https://twitter.com/buffaloverflow/status/852937040480149505
Third Party Advisory
http://www.securityfocus.com/bid/97411
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038241
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197
Patch
Vendor Advisory
https://twitter.com/buffaloverflow/status/852937040480149505
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:onenote:2007:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:onenote:2010:sp2:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.27808

Средний

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2017-0197

msrc

больше 8 лет назад

Microsoft OneNote Remote Code Execution Vulnerability

GHSA-gcvm-v83h-fhq2