Buffer overflow in Microsoft Office_compatibility_pack
CVE-2017-8742
A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint…
Vulnerability class: Buffer Overflow
EPSS: 0.365 (97.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Microsoft Office_compatibility_pack
- Microsoft Office_web_apps — versions 2010
- Microsoft Office_web_apps_server — versions 2013
- Microsoft Powerpoint — versions 2007, 2010, 2013
- Microsoft Powerpoint_viewer — versions 2010
- Microsoft Sharepoint_enterprise_server — versions 2016
- Microsoft Sharepoint_server — versions 2016
- Microsoft Corporation Office — versions Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3
Weakness classification (CWE)
References
- secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
- secure@microsoft.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2017-8742?
- CVE-2017-8742 is a high-severity vulnerability in Microsoft Office_compatibility_pack, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2017-09-13.
- How severe is CVE-2017-8742?
- High severity. CVSS v3 base score is 7.8 out of 10.