CVE-2017-8570

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code...

Basic Information

CVE State: PUBLISHED
Reserved Date: May 03, 2017
Published Date: July 11, 2017
Last Updated: February 10, 2025
Vendor: Microsoft Corporation
Product: Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, and Microsoft Office 2016.
Description: Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.

CVSS Scores

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2022-02-25 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2019-05-08 20:53:27 UTC) Source

References

http://www.securityfocus.com/bid/99445 https://github.com/rxwx/CVE-2017-8570 https://github.com/tezukanice/Office8570 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8570 https://github.com/ParsingTeam/ppsx-file-generator

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-02-25 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

erfze/CVE-2017-8570

Type: github • Created: 2020-08-06 09:12:37 UTC • Stars: 1

CVE-2017-8570 Exp改造及样本分析

sasqwatch/CVE-2017-8570

Type: github • Created: 2019-05-08 20:53:27 UTC • Stars: 0

Drac0nids/CVE-2017-8570

Type: github • Created: 2019-01-03 15:12:39 UTC • Stars: 3

## 在kali中自动化生成cve-2017-8570的恶意ppsx文件和配置msf监听

SwordSheath/CVE-2017-8570

Type: github • Created: 2018-04-08 10:07:17 UTC • Stars: 5

CVE-2017-8570生成脚本(CVE-2017-0199另一种利用方式)

MaxSecurity/Office-CVE-2017-8570

Type: github • Created: 2018-02-26 04:41:24 UTC • Stars: 0

rxwx/CVE-2017-8570

Type: github • Created: 2018-01-09 19:09:33 UTC • Stars: 186

Proof of Concept exploit for CVE-2017-8570