Home / Early Warning / Vulnerabilidades / CVE-2017-0199

CVE-2017-0199

Type: 
Unavailable / Other
Severity: 
High
Publication date: 
04/12/2017
Last modified: 
10/02/2019
Description
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
Impact
Access Vector: Through network
Access Complexity: Media
Authentication: Not required to exploit
Impact Type: Total commitment on system integrity + Total commitment on system confidentiality + Total commitment on system availability
Vulnerable software and versions
  • cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
To consult the complete list of products and versions see this page
Explanation of fields