7.8 CVE-2017-8570

Exploit Patch Used by Malware Used by Ransomware CISA Kev Catalog Used by Malware
 

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.
https://nvd.nist.gov/vuln/detail/CVE-2017-8570

Categories

CWE-NVD-noinfo

References


 

CPE

cpe start end
Configuration 1
cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*
cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*

REMEDIATION

Microsoft

Product Article Download
Microsoft Office 2007 Service Pack 3 3213640 Security Update
Microsoft Office 2010 Service Pack 2 (32-bit editions) 3213624 Security Update
Microsoft Office 2010 Service Pack 2 (64-bit editions) 3213624 Security Update
Microsoft Office 2013 Service Pack 1 (32-bit editions) 3213555 Security Update
Microsoft Office 2013 Service Pack 1 (64-bit editions) 3213555 Security Update
Microsoft Office 2016 (32-bit edition) 3213545 Security Update
Microsoft Office 2016 (64-bit edition) 3213545 Security Update

Patch

Url
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8570

EXPLOITS

Exploit-db.com

id description date
44263 Microsoft Office - 'Composite Moniker Remote Code Execution 2018-01-09 00:00:00

Other (github, ...)

Url
https://github.com/ParsingTeam/ppsx-file-generator
https://github.com/tezukanice/Office8570
https://github.com/SwordSheath/CVE-2017-8570
https://github.com/sasqwatch/CVE-2017-8570

CAPEC

Common Attack Pattern Enumerations and Classifications

id description severity
No entry

MITRE