Information disclosure in Microsoft Office
CVE-2017-0105
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive info…
Vulnerability class: Information Disclosure
EPSS: 0.432 (97.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N.
Affected products
- Microsoft Office — versions 2010
- Microsoft Office_compatibility_pack
- Microsoft Office_web_apps — versions 2010
- Microsoft Sharepoint_server — versions 2010
- Microsoft Word — versions 2007
- Microsoft Word_automation_services
- Microsoft Word_for_mac — versions 2011
- Microsoft Corporation Office — versions Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2
Weakness classification (CWE)
References
- secure@microsoft.com (vdb-entry, x_refsource_SECTRACK)
- secure@microsoft.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2017-0105?
- CVE-2017-0105 is a medium-severity vulnerability in Microsoft Office, classified under Information Disclosure. CVSS score: 5.5/10. Published 2017-03-17.
- How severe is CVE-2017-0105?
- Medium severity. CVSS v3 base score is 5.5 out of 10.