CVE-2017-0199

Confirmed PUBLISHED

Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server...

Microsoft Corporation · Office/WordPad
Exploited in the wild Used in malware PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
7.8 High EPSS 99.9%

At a Glance

Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."

ransomware windows malware cisa metasploit microsoft
CVE Published
Apr 12, 2017
Exploitation Reported
Nov 03, 2021
CVSS
7.8 High
EPSS
99.9%
Low complexity Unauthenticated

Affected Versions

Vendor Product Version Status
Microsoft Corporation
Office/WordPad

Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8.1

Affected

CVE References

  • 41894 exploit-db.com · Exploit https://www.exploit-db.com/exploits/41894/
  • 41934 exploit-db.com · Exploit https://www.exploit-db.com/exploits/41934/
  • 42995 exploit-db.com · Exploit https://www.exploit-db.com/exploits/42995/
  • 97498 securityfocus.com · VDB Entry http://www.securityfocus.com/bid/97498
  • 1038224 securitytracker.com · VDB Entry http://www.securitytracker.com/id/1038224
Show 6 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.