CVE-2017-8663

Опубликовано: 01 авг. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 9.3

EPSS Средний

Описание

Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code execution vulnerability due to the way Microsoft Outlook parses specially crafted email messages, aka "Microsoft Office Outlook Memory Corruption Vulnerability"

Ссылки

http://www.securityfocus.com/bid/100004
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039011
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8663
Patch
Vendor Advisory
http://www.securityfocus.com/bid/100004
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039011
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8663
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:outlook:2007:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.1816

Средний

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2017-8663

msrc

почти 8 лет назад

Microsoft Office Remote Code Execution Vulnerability

GHSA-8g93-59h5-qx5g