CVE-2017-0261

Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle...

Basic Information

CVE State: PUBLISHED
Reserved Date: September 09, 2016
Published Date: May 12, 2017
Last Updated: February 10, 2025
Vendor: Microsoft Corporation
Product: Microsoft Office
Description: Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281.

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2022-03-03 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2020-08-22 03:01:51 UTC) Source

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261 http://www.securityfocus.com/bid/98104 http://www.securitytracker.com/id/1038444

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-03-03 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

erfze/CVE-2017-0261

Type: github • Created: 2020-08-22 03:01:51 UTC • Stars: 0

CVE-2017-8570 Exp及利用样本分析

kcufId/eps-CVE-2017-0261

Type: github • Created: 2019-03-31 07:29:48 UTC • Stars: 10

eps漏洞(CVE-2017-0261)漏洞分析