What is CVE-2017-8501?

CVE-2017-8501 is a high-severity vulnerability in Microsoft Excel, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2017-07-11.

How severe is CVE-2017-8501?

High severity. CVSS v3 base score is 7.8 out of 10.

Buffer overflow in Microsoft Excel

CVE-2017-8501

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502.

Vulnerability class: Buffer Overflow

EPSS: 0.313 (96.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Microsoft Excel — versions 2007, 2010, 2013
Microsoft Excel_viewer — versions 2007
Microsoft Office — versions 2011, 2016
Microsoft Office_compatibility_pack
Microsoft Office_online_server — versions 2016
Microsoft Sharepoint_server — versions 2010, 2013
Microsoft Corporation Office 2007 Sp3, Excel Viewer 2010 Sp2, Services On Sharepoint Server Sp1, For Mac 2011, 2013 Rt Enterprise 2013, 2016, 2016 Mac, Online And Compatibility Pack Sp3. — versions Microsoft Office

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
secure@microsoft.com (x_refsource_CONFIRM, Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2017-8501?: CVE-2017-8501 is a high-severity vulnerability in Microsoft Excel, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2017-07-11.
How severe is CVE-2017-8501?: High severity. CVSS v3 base score is 7.8 out of 10.