vulnerability

Microsoft CVE-2017-0204: Microsoft Office Security Feature Bypass Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Apr 11, 2017	Apr 11, 2017	May 16, 2018

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Apr 11, 2017

Added

Apr 11, 2017

Modified

May 16, 2018

Description

A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats. The security feature bypass by itself does not allow arbitrary code execution. However, to successfully exploit the vulnerability, an attacker would have to use it in conjunction with another vulnerability, such as a remote code execution vulnerability, to take advantage of the security feature bypass vulnerability and run arbitrary code. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Microsoft Office software.The security update addresses the vulnerability by correcting how Microsoft Office handles the parsing of file formats.

Solutions

msft-kb3118388-2afe0580-9adc-4f9f-8d65-35755069c879msft-kb3118388-76d33995-da06-415f-85fa-3b44cce23ec1msft-kb3127890-0db092b3-c980-4ee6-9b56-54c5790bac86msft-kb3172519-a866b500-68d9-4b2c-ab73-43bb9c1c513dmsft-kb3172519-b0f71335-e36d-4165-b257-2a143051e1a9

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today