Back to KEVs

CVE-2017-0199

Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server...

Basic Information

CVE State
PUBLISHED
Reserved Date
September 09, 2016
Published Date
April 12, 2017
Last Updated
February 10, 2025
Vendor
Microsoft Corporation
Product
Office/WordPad
Description
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."

CVSS Scores

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2021-11-03 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2023-09-02 19:15:12 UTC) Source
Used in Malware
Yes (added 2021-11-03 00:00:00 UTC) Source

References

http://www.securityfocus.com/bid/97498 https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/ http://rewtin.blogspot.nl/2017/04/cve-2017-0199-practical-exploitation-poc.html https://www.exploit-db.com/exploits/41894/ https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199 https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/ https://www.exploit-db.com/exploits/41934/ https://www.exploit-db.com/exploits/42995/ http://www.securitytracker.com/id/1038224

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/office_word_hta.rb 2025-04-29 11:01:35 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

office_word_hta

Type: metasploit • Created: Unknown

Metasploit module for CVE-2017-0199

kash-123/CVE-2017-0199

Type: github • Created: 2024-09-10 13:31:55 UTC • Stars: 0

Python3 toolkit update

TheCyberWatchers/CVE-2017-0199-v5.0

Type: github • Created: 2023-09-02 19:15:12 UTC • Stars: 0

Sunqiz/CVE-2017-0199-reprofuction

Type: github • Created: 2022-08-15 07:15:55 UTC • Stars: 2

CVE-2017-0199复现

BRAINIAC22/CVE-2017-0199

Type: github • Created: 2022-04-22 19:10:16 UTC • Stars: 0

A python script/generator, for generating and exploiting Microsoft vulnerability

Phantomlancer123/CVE-2017-0199

Type: github • Created: 2022-04-20 09:07:52 UTC • Stars: 1

stealth-ronin/CVE-2017-0199-PY-KIT

Type: github • Created: 2020-10-18 20:24:38 UTC • Stars: 0

likekabin/CVE-2017-0199

Type: github • Created: 2018-03-22 08:40:55 UTC • Stars: 0

herbiezimmerman/2017-11-17-Maldoc-Using-CVE-2017-0199

Type: github • Created: 2017-11-17 20:00:29 UTC • Stars: 2

viethdgit/CVE-2017-0199

Type: github • Created: 2017-09-19 12:38:47 UTC • Stars: 0

sUbc0ol/Microsoft-Word-CVE-2017-0199-

Type: github • Created: 2017-06-30 09:08:40 UTC • Stars: 0

n1shant-sinha/CVE-2017-0199

Type: github • Created: 2017-04-23 13:58:30 UTC • Stars: 2

Exploit toolkit CVE-2017-0199 - v2.0 is a handy python script which provides a quick and effective way to exploit Microsoft RTF RCE. It could generate a malicious RTF file and deliver metasploit / meterpreter payload to victim without any complex configuration.

mzakyz666/PoC-CVE-2017-0199

Type: github • Created: 2017-04-22 11:32:39 UTC • Stars: 2

Exploit toolkit for vulnerability RCE Microsoft RTF

Exploit-install/CVE-2017-0199

Type: github • Created: 2017-04-22 04:01:38 UTC • Stars: 7

Exploit toolkit CVE-2017-0199 - v2.0 is a handy python script which provides a quick and effective way to exploit Microsoft RTF RCE. It could generate a malicious RTF file and deliver metasploit / meterpreter / any other payload to victim without any complex configuration.

haibara3839/CVE-2017-0199-master

Type: github • Created: 2017-04-19 04:15:54 UTC • Stars: 16

CVE-2017-0199

NotAwful/CVE-2017-0199-Fix

Type: github • Created: 2017-04-18 06:33:45 UTC • Stars: 14

Quick and dirty fix to OLE2 executing code via .hta

bhdresh/CVE-2017-0199

Type: github • Created: 2017-04-17 08:10:07 UTC • Stars: 727

Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious RTF/PPSX file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.