Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2017-8570
PUBLISHEDMicrosoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code...
- Vendor
- Microsoft Corporation
- Product
- Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, and Microsoft Office 2016.
- Published
- Jul 11, 2017
- EPSS
- —
Description
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.
CVSS scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitation status
Exploited in the wild
Recorded 2022-02-25 00:00:00 UTC · Source
SSVC decision points
- Exploitation
- active
- Automatable
- No
- Technical impact
- total
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Feb 25, 2022 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2019-05-08 20:53:27 UTC · 0 stars
github · Created 2019-01-03 15:12:39 UTC · 3 stars
## 在kali中自动化生成cve-2017-8570的恶意ppsx文件和配置msf监听
github · Created 2018-04-08 10:07:17 UTC · 5 stars
CVE-2017-8570生成脚本(CVE-2017-0199另一种利用方式)
github · Created 2018-02-26 04:41:24 UTC · 0 stars
github · Created 2018-01-09 19:09:33 UTC · 186 stars
Proof of Concept exploit for CVE-2017-8570
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel