What is CVE-2017-8506?

CVE-2017-8506 is a high-severity vulnerability in Microsoft Outlook. CVSS score: 7.8/10. Published 2017-06-15.

How severe is CVE-2017-8506?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2017-8506 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Outlook

CVE-2017-8506

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2…

EPSS: 0.339 (97.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Microsoft Outlook — versions 2010, 2013, 2016
Microsoft Corporation Office — versions Microsoft Outlook 2010 Service Pack 2, Microsoft Outlook 2013 RT Service Pack 1, Microsoft Outlook 2013 Service Pack 1, and Microsoft Outlook 2016.

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

secure@microsoft.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2017-8506?: CVE-2017-8506 is a high-severity vulnerability in Microsoft Outlook. CVSS score: 7.8/10. Published 2017-06-15.
How severe is CVE-2017-8506?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2017-8506 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.