What is CVE-2017-0281?

CVE-2017-0281 is a high-severity vulnerability in Microsoft Office. CVSS score: 7.8/10. Published 2017-05-12.

How severe is CVE-2017-0281?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Microsoft Office

CVE-2017-0281

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise S…

EPSS: 0.433 (97.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Microsoft Office — versions 2007, 2010, 2013
Microsoft Office_online_server — versions 2016
Microsoft Office_web_apps — versions 2010, 2013
Microsoft Project_server — versions 2013
Microsoft Sharepoint_foundation — versions 2013
Microsoft Sharepoint_server — versions 2010, 2013, 2016
Microsoft Skype_for_business — versions 2016
Microsoft Word — versions 2016
Microsoft Corporation Office — versions Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016.

References

secure@microsoft.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2017-0281?: CVE-2017-0281 is a high-severity vulnerability in Microsoft Office. CVSS score: 7.8/10. Published 2017-05-12.
How severe is CVE-2017-0281?: High severity. CVSS v3 base score is 7.8 out of 10.